When access checking is turned on, runtime checking detects and reports the following types of errors.
Problem: Attempt to free memory that has never been allocated.
Possible causes: Passing a non-heap data pointer to free() or realloc().
Example:
char a[4]; char *b = &a[0]; free(b); /* Bad free (baf) */
Problem: Attempt to free a heap block that has already been freed.
Possible causes: Calling free() more than once with the same pointer. In C++, using the delete operator more than once on the same pointer.
Example:
char *a = (char *)malloc(1); free(a); free(a); /* Duplicate free (duf) */
Problem: Attempt to free a misaligned heap block.
Possible causes: Passing an improperly aligned pointer to free() or realloc(); changing the pointer returned by malloc.
Example:
char *ptr = (char *)malloc(4); ptr++; free(ptr); /* Misaligned free */
Problem: Attempt to read data from an address without proper alignment.
Possible causes: Reading 2, 4, or 8 bytes from an address that is not half-word-aligned, word-aligned, or double-word-aligned, respectively.
Example:
char *s = “hello world”; int *i = (int *)&s[1]; int j; j = *i; /* Misaligned read (mar) */
Problem: Attempt to write data to an address without proper alignment.
Possible causes: Writing 2, 4, or 8 bytes to an address that is not half-word-aligned, word-aligned, or double-word-aligned, respectively.
Example:
char *s = “hello world”; int *i = (int *)&s[1]; *i = 0; /* Misaligned write (maw) */
Problem: Attempt to allocate memory beyond physical memory available.
Cause: Program cannot obtain more memory from the system. Useful in locating problems that occur when the return value from malloc() is not checked for NULL, which is a common programming mistake.
Example:
char *ptr = (char *)malloc(0x7fffffff); /* Out of Memory (oom), ptr == NULL */
Problem: Attempt to read from nonexistent, unallocated, or unmapped memory.
Possible causes: A stray pointer, overflowing the bounds of a heap block or accessing a heap block that has already been freed.
Example:
char c, *a = (char *)malloc(1); c = a[1]; /* Read from unallocated memory (rua) */
Problem: Attempt to read from uninitialized memory.
Possible causes: Reading local or heap data that has not been initialized.
Example:
foo() { int i, j; j = i; /* Read from uninitialized memory (rui) */ }
Problem: Attempt to write to read-only memory.
Possible causes: Writing to a text address, writing to a read-only data section (.rodata), or writing to a page that mmap has made read-only.
Example:
foo() { int *foop = (int *) foo; *foop = 0; /* Write to read-only memory (wro) */ }
Problem: Attempt to write to nonexistent, unallocated, or unmapped memory.
Possible causes: A stray pointer, overflowing the bounds of a heap block, or accessing a heap block that has already been freed.
Example:
char *a = (char *)malloc(1); a[1] = ”\0’; /* Write to unallocated memory (wua) */