Misuse-of-free not leading to abort #3

@evintila

Description

Dear FreeGuard authors,

We have noticed that FreeGuard does not abort when detecting some misuses of free (CWE-761), and are wondering if this is expected behavior.

For example, in the following, the execution of the code continues after the misuse of free (freeing a stack pointer) has been detected:

#include <stdlib.h>
#include <stdio.h>

int main()
{
  char p[8];                /* stack array, not a heap allocation */
  free(p);                  /* misuse of free (CWE-761): p was never returned by malloc */
  printf("p at %p\n", p);   /* reached only if the sanitizer does not abort */
  return 0;
}

The error is reported, but the program is not aborted:

7f8b78c73740 [ERR]:     libfreeguard.cpp:209 : invalid free on address 0x7ffe6f5d1334
p at 0x7ffe6f5d1334

Note that this is not the case for a double-free or when freeing a heap pointer that does not point to the beginning of an object. In those cases, the program is aborted as expected.

We used the latest version:

commit bfdf6d9a5b25c3f8f974c6a2ac7bb286e5c2b296

Compiled the code with clang:

clang version 19.1.0-rc4 (https://github.com/llvm/llvm-project.git f0010d131b79a1b401777aa32e96defc4a935c9d)
Target: x86_64-unknown-linux-gnu
Thread model: posix

Commands used:

clang ./misuse_of_free.c
LD_PRELOAD=/media/manu/external_data/phd/sanitizers/FreeGuard/libfreeguard.so a.out
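To separate the three cases the report distinguishes (an address that belongs to no heap chunk, an interior pointer into a chunk, and a second release of a chunk) from the policy decision of whether to abort after reporting, here is a small allocation-tracking free checker written for this page; it is not FreeGuard's code, and the registry, `check_free`, `tracked_free` and the `abort_on_misuse` knob are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Outcome of validating a pointer handed to free(). */
enum free_verdict { FREE_OK, FREE_INVALID, FREE_INTERIOR, FREE_DOUBLE };
/* Tiny allocation registry standing in for the allocator's own metadata (constructed for this example). */
struct chunk { uintptr_t base; size_t size; int freed; };
static struct chunk tracked[64]; static int n_tracked;

void *tracked_malloc(size_t size) {
    void *p = n_tracked < (int)(sizeof tracked / sizeof tracked[0]) ? malloc(size) : NULL;
    if (p) tracked[n_tracked++] = (struct chunk){ (uintptr_t)p, size, 0 };
    return p;
}

/* Newest record wins so a reused address maps to its current chunk. Outside every chunk
 * (e.g. a stack address) -> INVALID; inside but not at the start -> INTERIOR; released -> DOUBLE. */
enum free_verdict check_free(const void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = n_tracked - 1; i >= 0; i--) {
        if (a < tracked[i].base || a >= tracked[i].base + tracked[i].size) continue;
        if (a != tracked[i].base) return FREE_INTERIOR;
        return tracked[i].freed ? FREE_DOUBLE : FREE_OK;
    }
    return FREE_INVALID;
}

/* Every misuse is reported; abort_on_misuse is the separate policy knob for continuing past it. */
enum free_verdict tracked_free(void *p, int abort_on_misuse) {
    enum free_verdict v = check_free(p);
    if (v != FREE_OK) {
        fprintf(stderr, "[ERR] free misuse %d on address %p\n", (int)v, p);
        if (abort_on_misuse) abort();
        return v;                         /* pointer is never handed to the real free() */
    }
    for (int i = n_tracked - 1; i >= 0; i--)
        if (tracked[i].base == (uintptr_t)p) { tracked[i].freed = 1; break; }
    free(p);
    return FREE_OK;
}

int main(void) {
    char stack_buf[8];
    char *heap = tracked_malloc(16);
    tracked_free(stack_buf, 0);  /* reported, execution continues (the case from the report) */
    tracked_free(heap + 4, 0);   /* interior pointer: reported */
    tracked_free(heap, 0);       /* valid release */
    tracked_free(heap, 0);       /* double free: reported */
    return 0;
}
```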
