ABSTRACT

Freeing a stack buffer will result in unexpected program behavior.

EXPLANATION

Do not explicitly deallocate stack memory. A function that defines a stack buffer will automatically deallocate the buffer when the function returns.

Example:


void clean_up()
{
char tmp[256];
...
free(tmp);
return;
}


Explicitly freeing stack memory can corrupt memory allocation data structures. It can lead to abnormal program termination or further data corruption.

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service

[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II

[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 730

[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9