Memory Leak

From OWASP

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by

.

Abstract

Memory is allocated but never freed.

Description

Memory leaks have two common and sometimes overlapping causes:

Error conditions and other exceptional circumstances.
Confusion over which part of the program is responsible for freeing the memory

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].

Examples

The following C function leaks a block of allocated memory if the call to read() fails to return the expected number of bytes:

	char* getBlock(int fd) {
	char* buf = (char*) malloc(BLOCK_SIZE);
	if (!buf) {
	  return NULL;
	}
	if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
	  return NULL;
	}
	return buf;
	}

Related Threats

Related Attacks

Category:Denial of Service Attack

Related Vulnerabilities

Related Countermeasures

References

[1] J. Whittaker and H. Thompson. How to Break Software Security. Addison Wesley, 2003.

Categories

Retrieved from "http://www.owasp.org/index.php/Memory_Leak"

Categories: OWASP ASDR Project | Code Quality Vulnerability | C | Implementation | Code Snippet

Views

Personal tools

Log in / create account

Reference

search

Toolbox