Memory corruption
Encyclopedia
Memory corruption happens when the contents of a memory location are unintentionally modified due to programming errors; this is known as violating memory safety
. When the corrupted memory contents are used later in the computer program
, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.
Modern programming languages like C
and C++ have powerful features of explicit memory management and pointer arithmetic. These features are designed for developing efficient applications and system software. However, using these features incorrectly may lead to memory corruption errors.
Memory corruption is one of the most intractable class of programming errors because of two reasons:
Memory corruption errors can be broadly classified into four categories:
Many memory debugger
s such as Purify, Valgrind
, Insure++
are available for detecting memory corruption errors.
Memory safety
Memory safety is a concern in software development that aims to avoid software bugs that cause security vulnerabilities dealing with random-access memory access, such as buffer overflows and dangling pointers....
. When the corrupted memory contents are used later in the computer program
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.
Modern programming languages like C
C (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
and C++ have powerful features of explicit memory management and pointer arithmetic. These features are designed for developing efficient applications and system software. However, using these features incorrectly may lead to memory corruption errors.
Memory corruption is one of the most intractable class of programming errors because of two reasons:
- The source of the memory corruption and its manifestation may be far apart making it hard to correlate the cause and the effect.
- Symptoms appear under unusual conditions, making it hard to consistently reproduce the error.
Memory corruption errors can be broadly classified into four categories:
- Using un-initialized memory: Contents of un-initialized memory are considered to be garbage values and using these values can lead to unpredictable program behavior.
- Using un-owned memory: It is common to use pointers for accessing and modifying memory. If a pointer happens to be a null pointer, dangling pointerDangling pointerDangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type. These are special cases of memory safety violations....
(pointing to memory that has already been freed), or to a memory location outside of current stack or heap bounds, it is referring to memory that is not currently possessed by the program. And using such pointer is a serious programming flaw. Accessing such memory usually causes operating system exceptions (also known as page faults) which most commonly lead to a program crash. However, it has been proved that such erroneous accesses can also lead to better executions, one mistake correcting another. - Using beyond allocated memory (buffer overflowBuffer overflowIn computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
): If an array is used in a loop, with incorrect terminating condition, memory beyond the array bounds may be manipulated. Buffer overflow is one of the most common programming flaws exploited by computer viruses causing serious computer securityComputer securityComputer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
issues (e.g. Return-to-libc attackReturn-to-libc attackA return-to-libc attack is a computer security attack usually starting with a buffer overflow in which the return address on the stack is replaced by the address of another instruction and an additional portion of the stack is overwritten to provide arguments to this function...
, Stack-smashing protectionStack-smashing protectionBuffer overflow protection refers to various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables as they occur and preventing them from becoming serious security vulnerabilities...
) in widely used programs. One can also incorrectly access the memory before the beginning of a buffer. - Faulty heap memory management: Memory leaks and freeing non-heap or un-allocated memory are the most frequent errors caused by faulty heap memory management.
Many memory debugger
Memory debugger
A memory debugger is a programming tool for finding memory leaks and buffer overflows. These are due to bugs related to the allocation and deallocation of dynamic memory. Programs written in languages that have garbage collection, such as managed code, might also need memory debuggers, e.g...
s such as Purify, Valgrind
Valgrind
Valgrind is a GPL licensed programming tool for memory debugging, memory leak detection, and profiling. The name valgrind comes from the main entrance to Valhalla in Norse mythology....
, Insure++
Insure++
Insure++ is a memory debugger computer program, used by software developers to detect various errors in programs written in C and C++. It is made by Parasoft, and is functionally similar to other memory debuggers, such as Purify and Valgrind.-Overview:...
are available for detecting memory corruption errors.
External links
- Article "Navigating "C" in a "leaky" boat? Try Purify." by Satish Chandra Gupta and Giridhar Sreenivasamurthy
- Resolving memory corruption - An article from the Real-Time embedded blog by Hai Shalom.