This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Memory Leak"

Jump to: navigation, search
Line 3: Line 3:
<!--duplicate article. the content has already been moved to the other article-->
<!--duplicate article. the content has already been moved to the other article-->
#REDIRECT [[Memory_leak]]

Latest revision as of 19:41, 11 April 2009


#REDIRECT Memory_leak


Memory is allocated but never freed.


Memory leaks have two common and sometimes overlapping causes:

  • Error conditions and other exceptional circumstances.
  • Confusion over which part of the program is responsible for freeing the memory

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].


The following C function leaks a block of allocated memory if the call to read() fails to return the expected number of bytes:

	char* getBlock(int fd) {
	char* buf = (char*) malloc(BLOCK_SIZE);
	if (!buf) {
	  return NULL;
	if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
	  return NULL;
	return buf;

Related Threats

Related Attacks

Category:Denial of Service Attack

Related Vulnerabilities

Related Countermeasures


[1] J. Whittaker and H. Thompson. How to Break Software Security. Addison Wesley, 2003.