Memory Leak

Jump to: navigation, search

This page was marked to be reviewed for deletion.

#REDIRECT Memory_leak


Memory is allocated but never freed.


Memory leaks have two common and sometimes overlapping causes:

  • Error conditions and other exceptional circumstances.
  • Confusion over which part of the program is responsible for freeing the memory

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].


The following C function leaks a block of allocated memory if the call to read() fails to return the expected number of bytes:

	char* getBlock(int fd) {
	char* buf = (char*) malloc(BLOCK_SIZE);
	if (!buf) {
	  return NULL;
	if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
	  return NULL;
	return buf;

Related Threats

Related Attacks

Category:Denial of Service Attack

Related Vulnerabilities

Related Countermeasures


[1] J. Whittaker and H. Thompson. How to Break Software Security. Addison Wesley, 2003.