Memory Leak

Abstract
Memory is allocated but never freed.

Description
Memory leaks have two common and sometimes overlapping causes:


 * Error conditions and other exceptional circumstances.
 * Confusion over which part of the program is responsible for freeing the memory

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].

Examples
The following C function leaks a block of allocated memory if the call to read fails to return the expected number of bytes:

char* getBlock(int fd) { char* buf = (char*) malloc(BLOCK_SIZE); if (!buf) { return NULL; }	if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) { return NULL; }	return buf; }

Related Attacks
Category:Denial of Service Attack