Why is use after free error is so common?
Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone
An Introduction to Use After Free Vulnerabilities
It's sad the site is unusable on phone :/
More on reddit.comZenbleed Write-up: New use-after-free exploit affecting all AMD Zen 2 CPUs.
AMD's current mitigation is to set the (controversially named) chicken bit to DE_CFG[9].
AMD has patched the microcode for only the EPYC 7002 series. The remaining datacenter CPUs are expected to be patched in October, whereas consumer CPUs will be vulnerable until December (source).
As a sidenote, this exploit is not really comparable to Spectre. While both involved speculative execution, Spectre was a design flaw in the entire concept of speculative execution whereas this appears to be a very specific set of misbehaving instructions.
More on reddit.comWhat is the best way to prevent use-after-free bugs in new software?
Adopt memory-safe languages, use strict code review processes, rely on automated analysis tools, and keep all dependencies up to date.
Which software is most affected by use-after-free bugs?
How serious are use-after-free vulnerabilities?
Videos
Whenever I hear about a software vulnerability, most of the time it comes down to use after free. Why is it so? Doesn't setting the pointer to NULL would solve this problem? Here's a macro I wrote in 5mins on my phone that I believe would solve the issue and spot this vulnerability in debug build
#if DEBUG
#define NIL ((void*)0xFFFFFFFFFFFFFFFFUL)
#else
#define NIL ((void *)0)
#endif
#define FREE(BLOCK) do { \
#if DEBUG \
if (BLOCK == NIL) { \
/* log the error, filename, linenumber, etc... and exit the program */ \
} \
#endif \
free(BLOCK); \
BLOCK = NIL; \
} while (0)Is this approach bad? Or why something like this isn't done?
If this post is stupid and/or if I'm missing something, please go easy on me.
P.S. A while after posting this, I just realised that I was confusing use after free with double freeing memory. My bad