Home / Vulnerability Database / Objective-C : Mistaken direct release
Objective-C

Objective-C : Mistaken direct release

Classification

OWASP Mobile Top 10 2016

Overview

Instance variable that was synthesized for a weak or assign property should not be released in -dealloc.

Class CIFilter will release instance variables belonging to its subclasses if the variable name starts with input or backs a property whose name starts with “input”.

The dealloc method frees the memory occupied by the object. This method is automatically called just before the object is deallocated or any of its instance variables are destroyed. When ARC is disabled, you need to add the method dealloc in the implementation of the class, which correctly frees the instance variables. When using ARC, instance variables are destroyed automatically, but it is necessary to override dealloc in order to, for example, remove an object from other services and managers to which it is subscribed, invalidate timers, as well as to release non-Objective-C objects.

MEDIUM

DerScanner Severity Score

Do you want to fix Objective-C : Mistaken direct release in your application?

See also

Objective-C

Objective-C : Internal information leak

Objective-C

Objective-C : Weak hashing algorithm

Objective-C

Objective-C : Unsafe reflection