BF Memory Management (MMN) Bugs Class
Irena Bojanova, Inventor, Creator, PI, Bugs Framework (BF)

Definition

An object is allocated, deallocated, or resized improperly.

Taxonomy

OperationsDefinition
AllocateReserve space in memory for an object; defines its initial boundaries and size.
ExtendReserve additional memory for an object in the same space; changes its boundaries and size.
Reallocate-ExtendReserve a new larger piece of memory for an object at a new address, copy the object content there, reassign its pointer, and deallocate the previous piece of memory.
DeallocateRelease the allocated memory of an object.
ReduceDeallocates part of the object memory; redefines its boundaries and size.
Reallocate-ReduceReserve a new smaller space in memory for an object at a new address, copy part of the object content there, reassign the pointer, and deallocate the previous piece of memory.
OperandsDefinition
DataThe data value of an object -- stored in object's memory.
AddressThe memory address for an object. Its value is data of another object, the object's pointer, used to reference and traverce the object.
CausesDefinition
Code Defect BugThe operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability.
   Missing CodeThe entire operation implementation or a part of its specification is absent.
   Mismatched OperationThe deallocation function does not match the allocation function used for the same object.
   Erroneous CodeThe operation implementation has a bug.
Data FaultThe object data has harmed semantics or inconsistent or wrong value
   Hardcoded AddressThe pointer points a wrong specific address.
   Forbidden AddressThe pointer points to an OS protected or non-existing address.
   Single Owned AddressExactly one pointer owns the object.
   Wrong SizeThe value used as size does not match the actual size of the object.
Address FaultThe object address in use is wrong.
   Wild PointerPoints to an arbitrary address, because it has not been initialized or an erroneous allocation routine is used.
   Dangling PointerStill points to the address of its successfully deallocated object.
   Wrong Position PointerPoints to a miscalculated position inside its object bounds.
Size FaultThe object size in use is wrong.
   Not Enough MemoryThe allocated memory is too little for the data it should store.
ConsequencesDefinition
Address ErrorThe object address in use is wrong.
   NULL PointerPoints to the zero address, a specific invalid address.
   Wild PointerPoints to an arbitrary address, because it has not been initialized or an erroneous allocation routine is used.
   Dangling PointerStill points to the address of its successfully deallocated object.
Size ErrorThe object size in use is wrong.
   Not Enough MemoryThe allocated memory is too little for the data it should store.
Memory Corruption/Disclosure Final ErrorAn exploitable or undefined system behavior caused by memory addressing, allocation, use, and deallocation bugs.
   Memory OverflowMore memory is requested than available.
   Memory LeakAn object has no pointer pointing to it.
   Double FreeAn attempt to deallocate a deallocated object or via an uninitialized pointer.
   Object CorruptionAn object's data value is unintentionally altered.
Operations AttributesDefinition
MechanismShows how the buggy/faulty operation code is performed.
   ImplicitThe operation is performed without a function/method call.
   ExplicitThe operation is performed by a function/method call.
Source CodeShows where the buggy/faulty operation code is in the program -- in what kind of software.
   CodebaseThe operation is in the programmer's code - in the application itself.
   Third-PartyThe operation is in a third-party software.
   Standard LibraryThe operation is in the standard library for a particular programming language.
   Compiler/InterpreterThe operation is in the language processor that allows execution or creates executables (compiler, assembler, interpreter).
Execution SpaceShows where the buggy/faulty operation code is running or with what privilege level).
   UserlandThe bugged code runs in an environment with privilege levels, but in unprivileged mode (e.g., ring 3 in x86 architecture).
   KernelThe bugged code runs in an environment with privilege levels with access privileged instructions (e.g., ring 0 in x86 architecture).
   Bare-MetalThe bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware.
Operands AttributesDefinition
         Address StateShows where the address is in the memory layout.
            StackThe object is a non-static local variable (defined in a function, a passed parameter, or a function return address).
            HeapThe object is a dynamically allocated data structure (e.g., via malloc() and new).
            /other/Other kinds of memory layout (e.g. Uninitialized Data Segment, Data Segment, and Code Segment could be used for C).