Why is use after free error is so common?
How can "use after free" exploit lead into execution of code?
Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone
This memory safety issue everyone's talking about... It's not really a huge deal in gamedev, right? What other domains where C++ excels at aren't too concerned about it?
How serious are use-after-free vulnerabilities?
Why are use-after-free vulnerabilities dangerous?
They allow attackers to hijack the flow of software, execute arbitrary code, access sensitive information, or cause crashes.
What is a use after free vulnerability?
Use after free (UAF) is a type of bug that can be exploited in programming languages that are not memory-safe. In C++, a developer is responsible for allocating (and deallocating) memory on either the stack or the heap. While memory on the stack is statically allocated, memory on the heap can be dynamically allocated and deallocated.
Videos
Whenever I hear about a software vulnerability, most of the time it comes down to use after free. Why is it so? Doesn't setting the pointer to NULL would solve this problem? Here's a macro I wrote in 5mins on my phone that I believe would solve the issue and spot this vulnerability in debug build
#if DEBUG
#define NIL ((void*)0xFFFFFFFFFFFFFFFFUL)
#else
#define NIL ((void *)0)
#endif
#define FREE(BLOCK) do { \
#if DEBUG \
if (BLOCK == NIL) { \
/* log the error, filename, linenumber, etc... and exit the program */ \
} \
#endif \
free(BLOCK); \
BLOCK = NIL; \
} while (0)Is this approach bad? Or why something like this isn't done?
If this post is stupid and/or if I'm missing something, please go easy on me.
P.S. A while after posting this, I just realised that I was confusing use after free with double freeing memory. My bad