‘new’ object freed with ‘delete[]’
ID: cpp/new-delete-array-mismatch
Kind: problem
Severity: warning
Precision: high
Tags:
- reliability
Query suites:
- cpp-security-and-quality.qls
This rule finds delete[] expressions that are using a pointer that points to memory allocated using the new operator. Behavior in such cases is undefined and should be avoided.
The new operator allocates memory for just one object, then calls that object’s constructor, and delete does the opposite. The array delete[] operator, however, expects the pointer to point to the first element of an array (which could have header data specifying the length of the array) and would attempt to call the destructor on each element of the ‘array’, which would likely lead to a segfault due to the invalid header data.
WARNING: This check is an approximation, so some results may not be actual defects in the program. It is not possible in general to compute the values of pointers without running the program with all input data.
Use the delete operator when freeing memory allocated with new.
Record *ptr = new Record(...);
...
delete [] ptr; // ptr was created using 'new', but was freed using 'delete[]'
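The matched pairings this rule enforces, as an added example that is not part of the CodeQL documentation: the counters on Record and the destroy_* helpers are constructed for illustration. It counts destructor calls to show that delete destroys one object while delete[] destroys every element, and that std::unique_ptr selects the right form from its type.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>

static int g_live = 0;        // objects constructed and not yet destroyed
static int g_dtor_calls = 0;  // destructor invocations since last reset

struct Record {               // constructed sample type
    int id = 0;
    Record() { ++g_live; }
    ~Record() { --g_live; ++g_dtor_calls; }
};

// Scalar form: one constructor call, so exactly one destructor call.
int destroy_single() {
    g_dtor_calls = 0;
    Record *ptr = new Record();
    // delete[] ptr;  // the defect this query reports: undefined behaviour
    delete ptr;       // matches 'new'
    return g_dtor_calls;
}

// Array form: delete[] runs one destructor per element of the array.
int destroy_array(std::size_t n) {
    g_dtor_calls = 0;
    Record *arr = new Record[n];
    delete[] arr;     // matches 'new[]'
    return g_dtor_calls;
}

// Owning pointers: unique_ptr<T> releases with delete and unique_ptr<T[]>
// with delete[], so the pairing no longer depends on the call site.
int destroy_owned(std::size_t n) {
    g_dtor_calls = 0;
    {
        std::unique_ptr<Record> one(new Record());
        std::unique_ptr<Record[]> many(new Record[n]);
    }                 // both released here with the matching form
    return g_dtor_calls;
}

int live_records() { return g_live; }

int main() {
    std::printf("single=%d array=%d owned=%d live=%d\n", destroy_single(),
                destroy_array(4), destroy_owned(3), live_records());
    return 0;
}
```

Building with AddressSanitizer (-fsanitize=address) reports the mismatched form at run time as alloc-dealloc-mismatch.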
S. Meyers. Effective C++ 3d ed. pp 73-75. Addison-Wesley Professional, 2005.