Support
Eng
Рус
Company
Home page
Services
Solutions
Documentation
News and Events
Company
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Web Application Security / Vulnerability / Code Quality Vulnerability / Memory Leak

Memory Leak
Article ID: 114
Last updated: 06 May, 2008
Print
Email to friend
Add comment
Views: 120
Comments: 0
Posted: 06 May, 2008
by: Tech Pubs S.
Updated: 06 May, 2008
by: Tech Pubs S.

Memory Leak

Abstract

Memory is allocated but never freed.

Description

Memory leaks have two common and sometimes overlapping causes:

  • Error conditions and other exceptional circumstances.
  • Confusion over which part of the program is responsible for freeing the memory

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].

Examples

The following C function leaks a block of allocated memory if the call to read() fails to return the expected number of bytes: 

	char* getBlock(int fd) {
	char* buf = (char*) malloc(BLOCK_SIZE);
	if (!buf) {
	  return NULL;
	}
	if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
	  return NULL;
	}
	return buf;
	}
This article was:   Helpful | Not Helpful Add comment
Prev   Next
Null Dereference     Leftover Debug Code

RSS
Powered by KBPublisher (Knowledge base software)