1704:
1694:
1684:
1674:
1664:
20:
969:
or to an invalid address once the storage they point to has been released. When the null pointer is dereferenced (in most languages) the program will immediately terminate—there is no potential for data corruption or unpredictable behavior. This makes the underlying programming mistake easier to find
111:
Wild pointers, also called uninitialized pointers, arise when a pointer is used prior to initialization to some known state, which is possible in some programming languages. They show the same erratic behavior as dangling pointers, though they are less likely to stay undetected because many compilers
523:
pointer being overwritten. Alternatively, if the pointer is used for writing to memory, some other data structure may be corrupted. Even if the memory is only read once the pointer becomes dangling, it can lead to information leaks (if interesting data is put in the next structure allocated there)
65:, when an object that has an incoming reference is deleted or deallocated, without modifying the value of the pointer, so that the pointer still points to the memory location of the deallocated memory. The system may reallocate the previously freed memory, and if the program then
941:
In languages like Java, dangling pointers cannot occur because there is no mechanism to explicitly deallocate memory. Rather, the garbage collector may deallocate memory, but only when the object is no longer reachable from any references.
216:
library calls: a pointer becomes dangling when the block of memory it points to is freed. As with the previous example one way to avoid this is to make sure to reset the pointer to null after freeing its reference—as demonstrated below.
528:(if the now-invalid memory is used in security checks). When a dangling pointer is used after it has been freed without allocating a new chunk of memory to it, this becomes known as a "use after free" vulnerability. For example,
991:
depending on what has been freed). This usually prevents the data from being reused by making it useless and also very prominent (the pattern serves to show the programmer that the memory has already been freed).
421:
Wild pointers are created by omitting necessary initialization prior to first use. Thus, strictly speaking, every pointer in programming languages which do not enforce initialization begins as a wild pointer.
305:
An all too common misstep is returning addresses of a stack-allocated local variable: once a called function returns, the space for these variables gets deallocated and technically they have "garbage values".
205:, a solution to the above is to assign 0 (null) to dp immediately before the inner block is exited. Another solution would be to somehow guarantee dp is not used again without further initialization.
76:, as the memory may now contain completely different data. If the program writes to memory referenced by a dangling pointer, a silent corruption of unrelated data may result, leading to subtle
1224:
900:), creating something like a metalanguage or can be embedded into a tool library apart. In every case, programmers using this technique should use the safe versions in every instance where
88:(Windows). If the program has sufficient privileges to allow it to overwrite the bookkeeping data used by the kernel's memory allocator, the corruption can cause system instabilities. In
407:(1945–1996) has created a complete object management system which is free of dangling reference phenomenon. A similar approach was proposed by Fisher and LeBlanc under the name
904:
would be used; failing in doing so leads again to the problem. Also, this solution is limited to the scope of a single program or project, and should be properly documented.
96:, dangling references are prevented by only destroying objects that are unreachable, meaning they do not have any incoming pointers; this is ensured either by tracing or
556:(or alike) function which guarantees the reset of the pointer. However, this technique will not clear other pointer variables which may contain a copy of the pointer.
128:
on return does not alter associated pointers. The pointer still points to the same location in memory even though that location may now be used for other purposes.
1030:) instrument the source code to collect and track legitimate values for pointers ("metadata") and check each pointer access against the metadata for validity.
80:
that can be extremely difficult to find. If the memory has been reallocated to another process, then attempting to dereference the dangling pointer can cause
938:
with a garbage collector. This approach completely eliminates dangling pointer errors by disabling frees, and reclaiming objects by garbage collection.
397:
1194:
1644:
1305:
957:. Unless one disables the features of the language, dangling pointers will be caught at compile time and reported as programming errors.
1131:
1738:
1353:
954:
425:
This most often occurs due to jumping over the initialization, not by omitting it. Most compilers are able to warn about this.
1697:
1501:
1325:
931:
93:
1687:
1054:
973:
Some debuggers will automatically overwrite and destroy data that has been freed, usually with a specific pattern, such as
1733:
1707:
1524:
1298:
515:
bugs, dangling/wild pointer bugs frequently become security holes. For example, if the pointer is used to make a
1649:
1107:
1045:, and any call to a member function will crash the program and it will show the guilty code in the debugger.
1033:
Another strategy, when suspecting a small set of classes, is to temporarily make all their member functions
1509:
1347:
55:
1486:
946:
1667:
1554:
1544:
1534:
1387:
1291:
1225:"New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks"
541:
409:
842:
The alternative version can be used even to guarantee the validity of an empty pointer before calling
367:
Attempts to read from the pointer may still return the correct value (1234) for a while after calling
1613:
1089:
1473:
1202:
121:
89:
85:
112:
will raise a warning at compile time if declared variables are accessed before being initialized.
1677:
1539:
1514:
1420:
927:
916:
907:
Among more structured solutions, a popular technique to avoid dangling pointers in C++ is to use
1252:
1728:
1491:
1443:
1341:
1180:
965:
To expose dangling pointer errors, one common programming technique is to set pointers to the
1519:
536:
is a use-after-free vulnerability in
Microsoft Internet Explorer 6 through 11 being used by
1038:
525:
66:
35:
970:
and resolve. This technique does not help when there are multiple copies of the pointer.
8:
1397:
1000:
618:/* free(NULL) works properly, so no check is required besides the assert in debug mode */
105:
42:
that do not point to a valid object of the appropriate type. These are special cases of
1639:
1623:
1549:
1027:
912:
519:
call, a different address (possibly pointing at exploit code) may be called due to the
402:
97:
81:
71:
62:
1415:
1314:
1275:
1168:
1153:
371:, but any functions called thereafter may overwrite the stack storage allocated for
1587:
1430:
1008:
529:
516:
1145:
375:
with other values and the pointer would no longer work correctly. If a pointer to
1582:
1481:
1064:
537:
533:
512:
385:
1263:
1597:
1564:
1559:
1405:
1364:
1034:
920:
1722:
1574:
1377:
1372:
908:
43:
966:
552:
In C, the simplest technique is to implement an alternative version of the
202:
77:
39:
1019:
1618:
1069:
1037:: after the class instance has been destructed/freed, its pointer to the
950:
208:
Another frequent source of dangling pointers is a jumbled combination of
125:
1382:
1023:
975:
1529:
1410:
1276:
Efficiently
Detecting All Dangling Pointer Uses in Production Servers
1143:
996:
101:
1283:
819:/* p2 is still a dangling pointer, so this is undefined behavior. */
1463:
1458:
1448:
1438:
1059:
1004:
19:
1453:
1232:
392:
201:
If the operating system is able to detect run-time references to
124:) deleting an object from memory explicitly or by destroying the
1144:
Dalci, Eric; anonymous author; CWE Content Team (May 11, 2012).
520:
953:
has been extended to include also the variables lifetimes and
935:
504:
934:
that replaces standard memory allocation functions in C and
383:
must have scope beyond the function—it might be declared as
1223:
Chen, Xiaobo; Caselden, Dan; Scott, Mike (April 26, 2014).
1090:"Warning Options - Using the GNU Compiler Collection (GCC)"
1012:
798:/* this second call won't fail as p is reset to NULL */
896:
directives to construct useful macros (a common one being
1326:
Memory management as a function of an operating system
1015:
can also be used to detect uses of dangling pointers.
979:(Microsoft's Visual C/C++ debugger, for example, uses
915:
to reclaim objects. Some other techniques include the
1128:
The implementation of run-time diagnostics in Pascal
636:/* deallocate chunk, note that free(NULL) is valid */
547:
1104:Programmed deallocation without dangling reference
104:may create new references to an object, requiring
1222:
866:/* i'm not sure if chunk has been released */
771:/* safety freeing; does not affect p2 variable */
1720:
898:#define XFREE(ptr) safefree((void **)&(ptr))
573:/* Alternative version for 'free()' */
393:Manual deallocation without dangling reference
1299:
960:
115:
16:Pointer that does not point to a valid object
1645:International Symposium on Memory Management
58:that do not resolve to a valid destination.
1306:
1292:
1199:Common Vulnerabilities and Exposures (CVE)
505:Security holes involving dangling pointers
493:* Using this feature may be considered bad
131:A straightforward example is shown below:
1132:IEEE Transactions on Software Engineering
416:
1122:
1120:
603:/* in debug mode, abort if pp is NULL */
18:
487:* at start and retain their values from
484:* static variables are initialized to 0
279:/* dp now becomes a dangling pointer */
1721:
955:resource acquisition is initialization
1313:
1287:
1117:
1055:Common Vulnerabilities and Exposures
1354:Input–output memory management unit
1253:Visual C++ 6.0 memory-fill patterns
13:
193:/* dp is now a dangling pointer */
14:
1750:
911:. A smart pointer typically uses
892:These uses can be masked through
108:to prevent a dangling reference.
1703:
1702:
1693:
1692:
1683:
1682:
1673:
1672:
1663:
1662:
548:Avoiding dangling pointer errors
1739:Pointers (computer programming)
1525:Concurrent mark sweep collector
1102:Gianna Cioni, Antoni Kreczmar,
926:Another approach is to use the
61:Dangling pointers arise during
1650:Region-based memory management
1268:
1257:
1246:
1216:
1187:
1137:
1108:Information Processing Letters
1096:
1082:
294:/* dp is no longer dangling */
1:
1126:C. N. Fisher, R. J. Leblanc,
1075:
481:/* scp is not a wild pointer:
120:In many languages (e.g., the
1698:Memory management algorithms
1510:Automatic Reference Counting
1348:Translation lookaside buffer
1201:. 2014-01-29. Archived from
654:/* reset original pointer */
69:the (now) dangling pointer,
46:violations. More generally,
7:
1688:Automatic memory management
1487:C dynamic memory allocation
1150:Common Weakness Enumeration
1048:
496:* style if not commented */
490:* the last call afterwards.
10:
1755:
1734:Computer security exploits
1708:Memory management software
1555:Tracing garbage collection
1388:Virtual memory compression
1274:Dhurjati, D. and Adve, V.
961:Dangling pointer detection
542:advanced persistent threat
463:/* dp is a wild pointer */
190:/* c falls out of scope */
116:Cause of dangling pointers
1658:
1632:
1606:
1573:
1500:
1472:
1429:
1396:
1363:
1334:
1321:
1264:Mudflap Pointer Debugging
1146:"CWE-416: Use After Free"
90:object-oriented languages
86:general protection faults
1482:Static memory allocation
1474:Manual memory management
848:
744:/* use the chunk here */
558:
427:
308:
219:
133:
1540:Garbage-first collector
1515:Boehm garbage collector
1421:x86 memory segmentation
928:Boehm garbage collector
1545:Mark–compact algorithm
1342:Memory management unit
741:/* copy the pointer */
417:Cause of wild pointers
122:C programming language
72:unpredictable behavior
24:
1134:, 6(4):313–319, 1980.
22:
1492:new and delete (C++)
1039:Virtual Method Table
1011:, or tools based on
526:privilege escalation
36:computer programming
1398:Memory segmentation
106:object resurrection
82:segmentation faults
48:dangling references
1640:Automatic variable
1624:Unreachable memory
1550:Reference counting
1520:Cheney's algorithm
1502:Garbage collection
1179:has generic name (
913:reference counting
887:/* allocate now */
379:must be returned,
98:reference counting
94:garbage collection
63:object destruction
25:
1716:
1715:
1668:Memory management
1416:Virtual 8086 mode
1315:Memory management
1154:Mitre Corporation
932:garbage collector
930:, a conservative
726:/* get a chunk */
84:(UNIX, Linux) or
28:Dangling pointers
1746:
1706:
1705:
1696:
1695:
1686:
1685:
1676:
1675:
1666:
1665:
1593:Dangling pointer
1588:Buffer over-read
1560:Strong reference
1431:Memory allocator
1308:
1301:
1294:
1285:
1284:
1278:
1272:
1266:
1261:
1255:
1250:
1244:
1243:
1241:
1239:
1220:
1214:
1213:
1211:
1210:
1191:
1185:
1184:
1178:
1174:
1172:
1164:
1162:
1160:
1141:
1135:
1124:
1115:
1100:
1094:
1093:
1086:
1044:
1009:AddressSanitizer
990:
986:
982:
978:
945:In the language
903:
899:
895:
888:
885:
882:
879:
876:
873:
870:
867:
864:
861:
858:
855:
852:
845:
838:
835:
832:
829:
826:
823:
820:
817:
814:
811:
808:
805:
802:
799:
796:
793:
790:
787:
784:
781:
778:
775:
772:
769:
766:
763:
760:
757:
754:
751:
748:
745:
742:
739:
736:
733:
730:
727:
724:
721:
718:
715:
712:
709:
706:
703:
700:
697:
694:
691:
688:
685:
682:
679:
676:
673:
670:
667:
664:
661:
658:
655:
652:
649:
646:
643:
640:
637:
634:
631:
628:
625:
622:
619:
616:
613:
610:
607:
604:
601:
598:
595:
592:
589:
586:
583:
580:
577:
574:
571:
570:<stdlib.h>
568:
565:
564:<assert.h>
562:
555:
538:zero-day attacks
517:virtual function
500:
497:
494:
491:
488:
485:
482:
479:
476:
473:
470:
467:
464:
461:
458:
455:
452:
449:
446:
443:
440:
437:
434:
431:
406:
388:
382:
378:
374:
370:
363:
360:
357:
354:
351:
348:
345:
342:
339:
336:
333:
330:
327:
324:
321:
318:
315:
312:
301:
298:
295:
292:
289:
286:
283:
280:
277:
274:
271:
268:
265:
262:
259:
256:
253:
250:
247:
244:
241:
238:
235:
232:
229:
226:
225:<stdlib.h>
223:
215:
211:
197:
194:
191:
188:
185:
182:
179:
176:
173:
170:
167:
164:
161:
158:
155:
152:
149:
146:
143:
140:
137:
23:Dangling pointer
1754:
1753:
1749:
1748:
1747:
1745:
1744:
1743:
1719:
1718:
1717:
1712:
1654:
1628:
1602:
1583:Buffer overflow
1569:
1496:
1468:
1425:
1392:
1359:
1330:
1317:
1312:
1282:
1281:
1273:
1269:
1262:
1258:
1251:
1247:
1237:
1235:
1221:
1217:
1208:
1206:
1195:"CVE-2014-1776"
1193:
1192:
1188:
1176:
1175:
1166:
1165:
1158:
1156:
1142:
1138:
1125:
1118:
1101:
1097:
1088:
1087:
1083:
1078:
1065:Memory debugger
1051:
1042:
988:
984:
980:
974:
963:
919:method and the
901:
897:
893:
890:
889:
886:
883:
880:
877:
874:
871:
868:
865:
862:
859:
856:
853:
850:
843:
840:
839:
836:
833:
830:
827:
824:
821:
818:
815:
812:
809:
806:
803:
800:
797:
794:
791:
788:
785:
782:
779:
776:
773:
770:
767:
764:
761:
758:
755:
752:
749:
746:
743:
740:
737:
734:
731:
728:
725:
722:
719:
716:
713:
710:
707:
704:
701:
698:
695:
692:
689:
686:
683:
680:
677:
674:
671:
668:
665:
662:
659:
656:
653:
650:
647:
644:
641:
638:
635:
632:
629:
626:
623:
620:
617:
614:
611:
608:
605:
602:
599:
596:
593:
590:
587:
584:
581:
578:
575:
572:
569:
566:
563:
560:
553:
550:
513:buffer-overflow
507:
502:
501:
498:
495:
492:
489:
486:
483:
480:
477:
474:
471:
468:
465:
462:
459:
456:
453:
450:
447:
444:
441:
438:
435:
432:
429:
419:
400:
398:Antoni Kreczmar
395:
384:
380:
376:
372:
368:
365:
364:
361:
358:
355:
352:
349:
346:
343:
340:
337:
334:
331:
328:
325:
322:
319:
316:
313:
310:
303:
302:
299:
296:
293:
290:
287:
284:
281:
278:
275:
272:
269:
266:
263:
260:
257:
254:
251:
248:
245:
242:
239:
236:
233:
230:
227:
224:
221:
213:
209:
199:
198:
195:
192:
189:
186:
183:
180:
177:
174:
171:
168:
165:
162:
159:
156:
153:
150:
147:
144:
141:
138:
135:
118:
52:wild references
17:
12:
11:
5:
1752:
1742:
1741:
1736:
1731:
1714:
1713:
1711:
1710:
1700:
1690:
1680:
1678:Virtual memory
1670:
1659:
1656:
1655:
1653:
1652:
1647:
1642:
1636:
1634:
1630:
1629:
1627:
1626:
1621:
1616:
1610:
1608:
1604:
1603:
1601:
1600:
1598:Stack overflow
1595:
1590:
1585:
1579:
1577:
1571:
1570:
1568:
1567:
1565:Weak reference
1562:
1557:
1552:
1547:
1542:
1537:
1532:
1527:
1522:
1517:
1512:
1506:
1504:
1498:
1497:
1495:
1494:
1489:
1484:
1478:
1476:
1470:
1469:
1467:
1466:
1461:
1456:
1451:
1446:
1441:
1435:
1433:
1427:
1426:
1424:
1423:
1418:
1413:
1408:
1406:Protected mode
1402:
1400:
1394:
1393:
1391:
1390:
1385:
1380:
1375:
1369:
1367:
1365:Virtual memory
1361:
1360:
1358:
1357:
1351:
1345:
1338:
1336:
1332:
1331:
1329:
1328:
1322:
1319:
1318:
1311:
1310:
1303:
1296:
1288:
1280:
1279:
1267:
1256:
1245:
1215:
1186:
1177:|author2=
1136:
1116:
1095:
1080:
1079:
1077:
1074:
1073:
1072:
1067:
1062:
1057:
1050:
1047:
995:Tools such as
962:
959:
921:locks-and-keys
909:smart pointers
849:
559:
549:
546:
506:
503:
428:
418:
415:
410:Locks-and-keys
394:
391:
309:
220:
134:
117:
114:
15:
9:
6:
4:
3:
2:
1751:
1740:
1737:
1735:
1732:
1730:
1729:Software bugs
1727:
1726:
1724:
1709:
1701:
1699:
1691:
1689:
1681:
1679:
1671:
1669:
1661:
1660:
1657:
1651:
1648:
1646:
1643:
1641:
1638:
1637:
1635:
1631:
1625:
1622:
1620:
1617:
1615:
1614:Fragmentation
1612:
1611:
1609:
1605:
1599:
1596:
1594:
1591:
1589:
1586:
1584:
1581:
1580:
1578:
1576:
1575:Memory safety
1572:
1566:
1563:
1561:
1558:
1556:
1553:
1551:
1548:
1546:
1543:
1541:
1538:
1536:
1533:
1531:
1528:
1526:
1523:
1521:
1518:
1516:
1513:
1511:
1508:
1507:
1505:
1503:
1499:
1493:
1490:
1488:
1485:
1483:
1480:
1479:
1477:
1475:
1471:
1465:
1462:
1460:
1457:
1455:
1452:
1450:
1447:
1445:
1442:
1440:
1437:
1436:
1434:
1432:
1428:
1422:
1419:
1417:
1414:
1412:
1409:
1407:
1404:
1403:
1401:
1399:
1395:
1389:
1386:
1384:
1381:
1379:
1378:Memory paging
1376:
1374:
1373:Demand paging
1371:
1370:
1368:
1366:
1362:
1355:
1352:
1349:
1346:
1343:
1340:
1339:
1337:
1333:
1327:
1324:
1323:
1320:
1316:
1309:
1304:
1302:
1297:
1295:
1290:
1289:
1286:
1277:
1271:
1265:
1260:
1254:
1249:
1234:
1230:
1226:
1219:
1205:on 2017-04-30
1204:
1200:
1196:
1190:
1182:
1170:
1155:
1151:
1147:
1140:
1133:
1129:
1123:
1121:
1114:, pp. 179–185
1113:
1109:
1105:
1099:
1091:
1085:
1081:
1071:
1068:
1066:
1063:
1061:
1058:
1056:
1053:
1052:
1046:
1040:
1036:
1031:
1029:
1025:
1021:
1018:Other tools (
1016:
1014:
1010:
1006:
1002:
998:
993:
977:
971:
968:
958:
956:
952:
948:
943:
939:
937:
933:
929:
924:
922:
918:
914:
910:
905:
847:
557:
545:
543:
539:
535:
531:
527:
522:
518:
514:
509:
426:
423:
414:
412:
411:
404:
399:
390:
387:
307:
218:
206:
204:
203:null pointers
132:
129:
127:
123:
113:
109:
107:
103:
100:. However, a
99:
95:
91:
87:
83:
79:
75:
73:
68:
64:
59:
57:
53:
49:
45:
44:memory safety
41:
37:
33:
32:wild pointers
29:
21:
1592:
1270:
1259:
1248:
1236:. Retrieved
1229:FireEye Blog
1228:
1218:
1207:. Retrieved
1203:the original
1198:
1189:
1157:. Retrieved
1149:
1139:
1127:
1111:
1103:
1098:
1084:
1032:
1028:CheckPointer
1017:
994:
972:
967:null pointer
964:
944:
940:
925:
906:
891:
841:
551:
510:
508:
424:
420:
408:
396:
366:
304:
207:
200:
130:
119:
110:
70:
67:dereferences
60:
51:
47:
31:
27:
26:
1619:Memory leak
1070:Wild branch
1007:, Mudflap,
951:type system
401: [
126:stack frame
1723:Categories
1383:Page table
1209:2017-05-16
1076:References
1041:is set to
976:0xDEADBEEF
917:tombstones
74:may result
56:references
1530:Finalizer
1411:Real mode
1238:April 28,
1159:April 28,
1110:, v. 18,
1020:SoftBound
1001:TotalView
997:Polyspace
534:2014-1776
347:/* ... */
297:/* ... */
264:/* ... */
157:/* ... */
102:finalizer
1464:ptmalloc
1459:mimalloc
1449:jemalloc
1439:dlmalloc
1335:Hardware
1169:cite web
1060:Link rot
1049:See also
1024:Insure++
1005:Valgrind
923:method.
851:safefree
844:malloc()
774:safefree
747:safefree
582:safefree
567:#include
561:#include
222:#include
210:malloc()
40:pointers
1535:Garbage
1454:libumem
1356:(IOMMU)
1233:FireEye
1035:virtual
894:#define
258:A_CONST
1607:Issues
1026:, and
949:, the
902:free()
875:malloc
822:return
714:malloc
606:assert
576:static
554:free()
540:by an
524:or to
521:vtable
466:static
386:static
350:return
252:malloc
214:free()
1633:Other
1444:Hoard
1350:(TLB)
1344:(MMU)
857:&
789:&
762:&
511:Like
405:]
353:&
178:&
92:with
1240:2014
1181:help
1161:2014
1112:1984
1043:NULL
1013:LLVM
989:0xDD
985:0xCD
981:0xCC
947:Rust
881:1000
801:char
780:void
753:void
720:1000
693:NULL
681:char
648:NULL
621:free
588:void
579:void
469:char
451:char
369:func
341:1234
323:void
317:func
288:NULL
267:free
240:char
231:func
228:void
212:and
163:char
151:NULL
139:char
78:bugs
54:are
50:and
38:are
30:and
987:or
936:C++
669:int
660:int
530:CVE
475:scp
439:int
430:int
381:num
377:num
373:num
356:num
335:num
332:int
311:int
34:in
1725::
1231:.
1227:.
1197:.
1173::
1171:}}
1167:{{
1152:.
1148:.
1130:,
1119:^
1106:,
1022:,
1003:,
999:,
983:,
884:);
863:);
846::
813:p2
795:);
783:**
777:((
768:);
756:**
750:((
729:p2
723:);
702:p2
642:pp
633:);
630:pp
615:);
612:pp
594:pp
591:**
544:.
457:dp
413:.
403:pl
389:.
282:dp
276:);
273:dp
261:);
246:dp
234:()
172:dp
145:dp
1307:e
1300:t
1293:v
1242:.
1212:.
1183:)
1163:.
1092:.
878:(
872:=
869:p
860:p
854:(
837:}
834:;
831:c
828:+
825:i
816:;
810:*
807:=
804:c
792:p
786:)
765:p
759:)
738:;
735:p
732:=
717:(
711:=
708:p
705:;
699:*
696:,
690:=
687:p
684:*
678:{
675:)
672:i
666:(
663:f
657:}
651:;
645:=
639:*
627:*
624:(
609:(
600:{
597:)
585:(
532:-
499:}
478:;
472:*
460:;
454:*
448:{
445:)
442:i
436:(
433:f
362:}
359:;
344:;
338:=
329:{
326:)
320:(
314:*
300:}
291:;
285:=
270:(
255:(
249:=
243:*
237:{
196:}
187:}
184:;
181:c
175:=
169:;
166:c
160:{
154:;
148:=
142:*
136:{
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.