From f57b1d3186e5d0316e2cd91f769c95a897767588 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?=
Date: Fri, 17 May 2024 16:24:20 +0200
Subject: [PATCH 1/5] force dummy change to trigger internal checks
---
 cpp/ql/src/Critical/DoubleFreeBad.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cpp/ql/src/Critical/DoubleFreeBad.cpp b/cpp/ql/src/Critical/DoubleFreeBad.cpp
index 92b12ea5bcbc..1e5d6b539402 100644
--- a/cpp/ql/src/Critical/DoubleFreeBad.cpp
+++ b/cpp/ql/src/Critical/DoubleFreeBad.cpp
@@ -1,3 +1,4 @@
+
 int* f() {
 int *buff = malloc(SIZE*sizeof(int));
 do_stuff(buff);
From fb3140a6cdb582396bb2c74be917a1bd3026a84a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?=
Date: Mon, 14 Apr 2025 14:42:33 +0200
Subject: [PATCH 2/5] Add missing newline in DoubleFreeBad.cpp
---
 cpp/ql/src/Critical/DoubleFreeBad.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cpp/ql/src/Critical/DoubleFreeBad.cpp b/cpp/ql/src/Critical/DoubleFreeBad.cpp
index 1e5d6b539402..8c410f75f8a7 100644
--- a/cpp/ql/src/Critical/DoubleFreeBad.cpp
+++ b/cpp/ql/src/Critical/DoubleFreeBad.cpp
@@ -7,5 +7,6 @@ int* f() {
 free(buff); // BAD: If new_buffer is assigned the same address as buff,
 // the memory allocator will free the new buffer memory region,
 // leading to use-after-free problems and memory corruption.
+
 return new_buffer;
 }
From bdda2a7773c2257c29f34b3a36bdd76bbce71b62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?=
Date: Mon, 14 Apr 2025 14:44:59 +0200
Subject: [PATCH 3/5] Fix indentation in DoubleFreeBad.cpp comments
---
 cpp/ql/src/Critical/DoubleFreeBad.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cpp/ql/src/Critical/DoubleFreeBad.cpp b/cpp/ql/src/Critical/DoubleFreeBad.cpp
index 8c410f75f8a7..3689c6710009 100644
--- a/cpp/ql/src/Critical/DoubleFreeBad.cpp
+++ b/cpp/ql/src/Critical/DoubleFreeBad.cpp
@@ -4,9 +4,9 @@ int* f() {
 do_stuff(buff);
 free(buff);
 int *new_buffer = malloc(SIZE*sizeof(int));
- free(buff); // BAD: If new_buffer is assigned the same address as buff,
- // the memory allocator will free the new buffer memory region,
- // leading to use-after-free problems and memory corruption.
-
+ free(buff);
+ // BAD: If new_buffer is assigned the same address as buff,
+ // the memory allocator will free the new buffer memory region,
+ // leading to use-after-free problems and memory corruption.
 return new_buffer;
 }
From 60e250c3ae8434e0e5b591f4f1bd328b96094734 Mon Sep 17 00:00:00 2001
From: Sam Robson
Date: Mon, 14 Apr 2025 15:01:46 +0100
Subject: [PATCH 4/5] trigger checks
---
 cpp/ql/src/Critical/DoubleFreeBad.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cpp/ql/src/Critical/DoubleFreeBad.cpp b/cpp/ql/src/Critical/DoubleFreeBad.cpp
index 3689c6710009..b0f83113ae43 100644
--- a/cpp/ql/src/Critical/DoubleFreeBad.cpp
+++ b/cpp/ql/src/Critical/DoubleFreeBad.cpp
@@ -5,6 +5,7 @@ int* f() {
 free(buff);
 int *new_buffer = malloc(SIZE*sizeof(int));
 free(buff);
+
 // BAD: If new_buffer is assigned the same address as buff,
 // the memory allocator will free the new buffer memory region,
 // leading to use-after-free problems and memory corruption.
From b65858fbcf32a4aa05c9eb1d467530b22d1fa000 Mon Sep 17 00:00:00 2001
From: Sam Robson
Date: Mon, 14 Apr 2025 15:21:20 +0100
Subject: [PATCH 5/5] trigger checks
---
 cpp/ql/src/Critical/DoubleFreeBad.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpp/ql/src/Critical/DoubleFreeBad.cpp b/cpp/ql/src/Critical/DoubleFreeBad.cpp
index b0f83113ae43..1061142d11b4 100644
--- a/cpp/ql/src/Critical/DoubleFreeBad.cpp
+++ b/cpp/ql/src/Critical/DoubleFreeBad.cpp
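Review bot: In the `@@ -4,9 +4,9 @@` hunk of PATCH 3/5, moving the `// BAD:` block below the second `free(buff);` leaves the flagged call with no marker on its own line, so the comment can be read as describing `return new_buffer;`. I would keep a short tag on the call, `free(buff); // BAD: buff was already freed above`, and leave the longer explanation underneath. The explanation also covers only the case where `new_buffer` reuses the address; a line such as `// Freeing the same pointer twice is undefined behavior even if the address is not reused.` would make the example complete. The same layout is carried through the hunks of PATCH 4/5 and 5/5, and f() starts above this hunk.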
@@ -5,9 +5,9 @@ int* f() {
 free(buff);
 int *new_buffer = malloc(SIZE*sizeof(int));
 free(buff);
-
 // BAD: If new_buffer is assigned the same address as buff,
 // the memory allocator will free the new buffer memory region,
 // leading to use-after-free problems and memory corruption.
+ // abc
 return new_buffer;
 }
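Review bot: The added `// abc` line is placeholder text sitting directly under the explanation of the double free, and nothing in the hunk gives it a purpose beyond the "trigger checks" subject. If this file is published as the query's bad-code example, as the path suggests, the stray comment would be shown to readers next to the security explanation. Drop it before merge; if a no-op change is still needed to re-run the checks, restoring the blank line this hunk removes would do. f() starts above the hunk.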