Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Undefined Behavior: Redundant Delete
Abstract
Explicitly deleting a managed pointer will cause the program to crash or otherwise misbehave.
Explanation
Deleting a managed pointer will cause the program to crash or otherwise do the wrong thing when, later on, the pointer management code assumes that the pointer is still valid. The following example illustrates the error.
The only exception to this rule comes when a managed pointer class supports a "detach" operation allowing the programmer to take control of memory management for the given pointer. If the program detaches the pointer from the management class before calling
std::auto_ptr<foo> p(new foo);
foo* rawFoo = p.get();
delete rawFoo;
The only exception to this rule comes when a managed pointer class supports a "detach" operation allowing the programmer to take control of memory management for the given pointer. If the program detaches the pointer from the management class before calling
delete, the management class knows not to use the pointer any further.References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 730
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[3] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[4] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[5] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[28] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[29] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.redundant_delete