Improper Resource Management

Rule ID

MI103

Definition

The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

Example

See one of the applicable code examples from CWE.

void foo(){
    BarObj *ptr = new BarObj();
    /* do some work with ptr here */

    /* ... */

    free(ptr);  /* mismatch: memory obtained with new is released with free() */
}

This example allocates a BarObj object using the new operator in C++; however, the programmer then deallocates the object using free(), which may lead to unexpected behavior. Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator. The corrected version uses delete:

void foo(){
    BarObj *ptr = new BarObj();
    /* do some work with ptr here */

    /* ... */

    delete ptr;  /* matches the new above and runs the BarObj destructor */
}
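
The following is an added example, not taken from CWE or from this rule's own material. It goes one step beyond the manual fix by binding each allocation to its matching release routine through the owning type, so a new/free or malloc/delete mix-up cannot be written by accident. The BarObj definition, FreeDeleter, MallocBuf, use_object and copy_c_string are hypothetical names introduced for the illustration.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>

// Hypothetical stand-in for the page's BarObj; counts live instances so the
// effect of each release path is observable.
struct BarObj {
    static int live;
    BarObj() { ++live; }
    ~BarObj() { --live; }
};
int BarObj::live = 0;

// Deleter that pairs malloc-family allocations with free().
struct FreeDeleter {
    void operator()(void *p) const noexcept { std::free(p); }
};
using MallocBuf = std::unique_ptr<char, FreeDeleter>;

// new-allocated object: unique_ptr's default deleter calls delete, which runs
// ~BarObj() and releases the memory through the matching routine, even on an
// early return.
int use_object(bool bail_out_early) {
    auto ptr = std::make_unique<BarObj>();
    int seen = BarObj::live;          // 1 while the object is owned
    if (bail_out_early) return seen;  // no manual delete needed on this path
    /* do some work with ptr here */
    return seen;
}

// malloc-allocated buffer: the deleter type records that free() is the
// matching release routine, so delete is never applied to it by mistake.
MallocBuf copy_c_string(const char *src) {
    std::size_t n = std::strlen(src) + 1;
    MallocBuf buf(static_cast<char *>(std::malloc(n)));
    if (buf) std::memcpy(buf.get(), src, n);
    return buf;                       // ownership moves to the caller
}

int main() {
    use_object(true);
    MallocBuf s = copy_c_string("constructed sample");
    return (BarObj::live == 0 && s) ? 0 : 1;
}
```
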

References

  • Common Weakness Enumeration: CWE-415
  • Common Weakness Enumeration: CWE-416
  • Common Weakness Enumeration: CWE-457
  • Common Weakness Enumeration: CWE-562
  • Common Weakness Enumeration: CWE-590
  • Common Weakness Enumeration: CWE-664
  • Common Weakness Enumeration: CWE-665
  • Common Weakness Enumeration: CWE-704
  • Common Weakness Enumeration: CWE-763