0

It is said to be good practice to set a pointer to NULL after freeing the memory, from a security point of view. What happens if you set the pointer to NULL before freeing the memory? How would this cause a vulnerability?

boomselector
  • 45
  • 9
  • 4
    It would not cause a security vulnerability, it would just cause a memory leak. This only means that your program may get terminated if you have too many memory leaks. – Andreas Wenzel Oct 06 '20 at 01:44
  • 2
    _Side note:_ Setting a [freed] pointer to `NULL` is good practice for some other reasons. (1) Although you should never free a pointer after it's already been freed, nulling it would turn the second `free` into something "less harmful" [because `free` ignores a null] (vs. a "double free" abort by `free`). (2) You should never dereference/use a pointer after it's been freed, but if a mistake is made: (e.g.) `free(ptr); val = *ptr;`, this would produce UB/incorrect results [silently]. Doing `free(ptr); ptr = NULL; val = *ptr;` would cause the bad deref to segfault, so the error would be noticed. – Craig Estey Oct 06 '20 at 02:13
  • 4
    if you set the pointer to null before passing to `free` then how can `free` knows what to free? – phuclv Oct 06 '20 at 02:28

2 Answers2

5

I think you misunderstood the reason it is set to NULL after freeing the memory. You dont want to touch memory that is not yours.

#include <stdio.h>
#include <stdlib.h>

int main()
{
    int *a = malloc(sizeof(int));
    free(a);
    printf("%p", a);
    *a = 1;
    return 0;
}

We free the pointer, but it still points to the same address. And i can write to it "no problem". Actually in this case you get into undefined behavior.

So if you free the pointer, and use it later, you are setting up for disaster. But if you set it to NULL, then you will segfault. Like in this case.

#include <stdio.h>
#include <stdlib.h>

int main()
{
    int *a = malloc(sizeof(int));
    free(a);
    printf("%p", a);
    a = NULL;
    *a = 1;
    return 0;
}

So if you dereference a freed pointer, at least you will get to know it for sure while you test the app.

Now if you set it to NULL before freeing the memory, you will just leak memory. It is still bad.

Andreas Wenzel
  • 22,760
  • 4
  • 24
  • 39
Pablochaches
  • 968
  • 10
  • 25
  • 1
    In your second example, setting the pointer to NULL doesn't guarantee a segfault. Dereferencing a NULL pointer is also undefined behavior so a segfault is just one possible result. – Blastfurnace Oct 06 '20 at 16:29
  • True, it is pretty much implementation defined. I didnt know that, I thougt you will always segfault if you dereferenced NULL. [I think this answer explains it really well.](https://stackoverflow.com/questions/12645647/what-happens-in-os-when-we-dereference-a-null-pointer-in-c) Thanks for pointing that out @Blastfurnace. – Pablochaches Oct 06 '20 at 19:02
3

What happens if you set the pointer to NULL before freeing the memory?

If you try to free a null pointer, nothing will happen.

If there are other pointers to the same memory, they can continue to be used to reference and eventually free the memory.

If that's the only pointer to that memory, the memory cannot be referenced again. The process will hold onto the memory until it exits. It is a "memory leak".

Processes with memory leaks will use more and more memory. Leaks are common enough that long running processes and even entire servers are habitually restarted daily.

Schwern
  • 153,029
  • 25
  • 195
  • 336