dangling pointer

A reference that doesn't actually lead anywhere. In C and some other languages, a pointer that doesn't actually point at anything valid. Usually this happens because it formerly pointed to something that has moved or disappeared, e.g. a heap-allocated block which has been freed and reused.

Used as jargon in a generalisation of its technical meaning; for example, a local phone number for a person who has since moved is a dangling pointer.

dangling reference

A link or pointer to an instruction, table element, index item, etc. that no longer contains the same content. If the reference is not a currently valid address, or if it is valid but there is no content in that location, it may cause the computer to crash if the software is not programmed carefully.
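The definitions above describe the C case: a heap block is freed, but the variable that held its address is left unchanged, so it still "points" at memory that the allocator may reuse. The following added example (not part of the original glossary entry) shows the defensive pattern a C programmer uses to avoid that: releasing through a pointer-to-pointer so the caller's variable is reset to NULL, and checking for NULL at every use site so a stale use is caught instead of dereferenced. The `Session` type and the `session_*` helpers are hypothetical names constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical heap-allocated record; constructed for this example. */
typedef struct {
    int id;
    char name[32];
} Session;

/* Allocate and initialise a Session (assumed helper, not from the page). */
static Session *session_new(int id, const char *name) {
    Session *s = malloc(sizeof *s);
    if (s == NULL) return NULL;
    s->id = id;
    snprintf(s->name, sizeof s->name, "%s", name);
    return s;
}

/* Release through a pointer-to-pointer so the caller's own variable is
 * reset to NULL. After this call the caller holds no dangling pointer,
 * and a second call on the same variable is a harmless no-op rather than
 * a double free. */
static void session_release(Session **pp) {
    if (pp == NULL || *pp == NULL) return;
    free(*pp);
    *pp = NULL;
}

/* Every use site checks for NULL instead of dereferencing blindly:
 * returns the id, or -1 if the session has already been released. */
static int session_get_id(const Session *s) {
    return s ? s->id : -1;
}

/* Walks one object's life cycle and returns how many of the four
 * safety checks held (expected: 4). */
static int session_lifecycle_demo(void) {
    int ok = 0;
    Session *s = session_new(42, "alice");
    if (s == NULL) return 0;

    ok += (session_get_id(s) == 42);   /* live object reads normally   */
    session_release(&s);
    ok += (s == NULL);                 /* variable reset, not dangling  */
    ok += (session_get_id(s) == -1);   /* stale use caught, no crash    */
    session_release(&s);               /* no double free: already NULL  */
    ok += (s == NULL);
    return ok;
}

int main(void) {
    printf("checks passed: %d of 4\n", session_lifecycle_demo());
    return 0;
}
```

Resetting the variable only protects the one copy of the address that was passed to `session_release`; any other pointer that aliases the same block is still dangling after the free. That aliasing problem is why the runtime checkers the later excerpts mention (Purify, UnDangle) track liveness of the underlying memory rather than trusting the pointer variables.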
Definition 1 The pointer variable $p$ is a dangling pointer if and only if $(x := \mathrm{allocate}(size) \mid 0 \le x \le 2^{32} - 1) \wedge (p \in [x, x + size - 1]) \wedge \mathrm{release}(x)$.
Definition 2 A program crash is a UAF vulnerability if and only if a dangling pointer is generated and reused during the execution of the program.
It should be noted that not all dangling pointers generated by a program will cause a crash; only the key dangling pointer (noted KDP) which causes a crash is of concern.
To exploit a UAF vulnerability, "memory occupying" should be carried out, that is, before the dangling pointer is reused, the pointed-to memory area is first filled with controllable data.
According to Definition 1, the dangling pointer must be a released one, and according to Property 1, the crash context will restore the information of the KDP.
Since the causes of non-UAF vulnerabilities are unrelated to dangling pointers, it is difficult to find the candidate set of the KDP, leading to a clustering eigenvalue of 0 on the y-axis.
Table 1 illustrates the comparison results of runtime between ADEDU, FileFuzz [22], MSEC [27] and UnDangle [12] which can find dangling pointers. ADEDU analyzed 1041 samples in 12692 seconds, average 12.2 seconds per sample.
Studies on UAF vulnerability: Some debugging tools such as Purify [18] can find the dangling pointers by checking whether the pointers are pointing to the live memory.
"In certain circumstances, properties in the plugin instance's parameter array could be freed prematurely leaving a dangling pointer that the plugin could execute, potentially calling into attacker-controlled memory," the security update states.
The developers say that, "In certain circumstances, properties in the plug-in instance's parameter array could be freed prematurely leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory."
Dynamic Memory Allocation (A): Dynamic memory management is a common source of programming flaws that can lead to heap-buffer overflows, dangling pointers, double-free issues, and other security problems.