ABSTRACT

Explicitly deleting a managed pointer will cause the program to crash or otherwise misbehave.

EXPLANATION

Deleting a managed pointer will cause the program to crash or otherwise do the wrong thing when, later on, the pointer management code assumes that the pointer is still valid. The following example illustrates the error.


std::auto_ptr<foo> p(new foo);
foo* rawFoo = p.get();
delete rawFoo;


The only exception to this rule comes when a managed pointer class supports a "detach" operation allowing the programmer to take control of memory management for the given pointer. If the program detaches the pointer from the management class before calling delete, the management class knows not to use the pointer any further.

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service

[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II

[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 730

[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9