C/C++ software memory corruption types:
There are two forms of Linux Memory accessible to the programmer:
- User's virtual memory space in which the application is run.
- Register memory.
The most obvious memory errors result in a "Segmentation violation" message.
This may alert the programmer to the location of the memory error
when the program is run in gdb.
The errors discussed below are the less obvious ones.
Memory errors:
- Heap memory errors:
  - Attempting to free memory already freed.
  - Freeing memory that was not allocated.
  - Attempting to read/write memory already freed.
  - Attempting to read/write to memory which was never allocated.
  - Memory allocation error.
  - Reading/writing to memory out of the bounds of a dynamically allocated array.
- Stack (local variables) memory errors:
  - Reading/writing to memory out of the bounds of a static array
    (array index overflow - index too large/underflow - negative index).
  - Function pointer corruption: invalid passing of a function pointer and thus
    a bad call to a function.
Memory Leaks:
Memory leak description: Memory is allocated but not released, causing an application to
consume memory, reducing the memory available to other applications and
eventually causing the system to page virtual memory to the hard drive, slowing
the application or crashing it when the computer's memory
resource limits are reached. The system may stop working as these limits are approached.
Many C library functions malloc() memory which MUST be freed,
e.g. strdup():
    char *oldString = "Old String";
    char *newString = strdup(oldString);   /* allocates: caller must free() */
    if (newString == NULL && errno == ENOMEM) ...
Note: You can NOT use the C++ delete call. The strdup() function is part
of the C library and you must use free().
If there was insufficient memory to permit the allocation for the string duplication, strdup() will return NULL and the error code will be set to ENOMEM.
Any routine which allocates memory, whether supplied by the C libraries or
written within an application, must have that memory freed.
Comments on this requirement should be included in the include file to make
users of the function aware of their duty to free the memory and the
mechanism by which it is to be freed (free() or delete).
Programmer must free() malloc()'ed memory:
Also for calloc(), malloc() and realloc():
    char *textString = malloc(128 * sizeof(char));
Check for memory allocation errors. Can't free it if it didn't get allocated.
If there was insufficient memory to permit the allocation, malloc() will return NULL and the error code will be set to ENOMEM.
Note that a call to malloc() with a size of zero may also return NULL.
Programmer must delete new'ed memory:
    ClassTypeA *ptr = new ClassTypeA;
    ...
    delete ptr;
New/delete is preferred to malloc()/free() because it can initialize the
memory and it invokes the constructor for new objects. New/delete also
point to the correct memory type.
Note on mixing source code containing new/delete and malloc()/free().
This is not a problem with the GNU C++ compiler but this is not guaranteed
for all C++ compilers.
Inheritance, polymorphism and the wrong delete:
    BaseClass* obj_ptr = new DerivedClass;
If you are counting on the destructor to delete memory allocated in the
constructor beware of this mistake as it will cause a memory leak.
Use a virtual destructor to avoid this problem.
The ~BaseClass() destructor is called and then the destructor ~DerivedClass()
is chosen and called at run time because it is a virtual destructor.
If it is not declared virtual then only the ~BaseClass() destructor is called
leaving any allocated memory from the DerivedClass object to persist and leak.
The behavior of this error is undefined so don't do it.
The same ill effect can be achieved with a C style cast to a class of
less scope, which will dumb down the destructor to one that may not
execute all the freeing of the original class. A C++ style dynamic cast may
prevent this error as it will recognize the loss of translation and not
allow the cast to take place, resulting in a traceable crash rather than a
tough-to-find memory leak.
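An added example, not from the original page, showing a derived class whose heap buffer is released when the object is deleted through a base-class pointer, plus a compile-time check that the base really has a virtual destructor. The class names Shape and Polygon and the counter g_live_buffers are hypothetical.

```cpp
#include <cstddef>
#include <type_traits>

// Constructed for illustration: buffers currently held by Polygon objects.
static int g_live_buffers = 0;

// Hypothetical base class WITH a virtual destructor.
class Shape {
public:
    virtual ~Shape() {}
};

// Compile-time guard: the build fails if someone removes 'virtual' above.
static_assert(std::has_virtual_destructor<Shape>::value,
              "Shape is deleted through base pointers; destructor must be virtual");

// Hypothetical derived class that allocates in its constructor and relies on
// its destructor to free that memory.
class Polygon : public Shape {
public:
    explicit Polygon(std::size_t n) : points_(new double[n]) { ++g_live_buffers; }
    ~Polygon() override { delete[] points_; --g_live_buffers; }
    Polygon(const Polygon&) = delete;             // owns raw memory: no copies
    Polygon& operator=(const Polygon&) = delete;
private:
    double* points_;
};

// Create as the derived type, destroy through a base-class pointer.
// Returns the number of buffers still allocated afterwards (0 means no leak).
int leaked_after_base_delete() {
    g_live_buffers = 0;
    Shape* obj_ptr = new Polygon(16);
    delete obj_ptr;   // virtual destructor, so ~Polygon() runs and frees points_
    return g_live_buffers;
}
```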
Pointer re-assignment error leads to dangling pointer:
If the pointer is re-assigned a new value before being freed, it will lead
to a "dangling pointer" and memory leak.
Example:
    char *a = malloc(128 * sizeof(char));
    char *b = malloc(128 * sizeof(char));
Default copy constructor may not give correct results:
Memory allocated by copy constructors for pointer duplication:
Check the pointer in the destructor and delete if necessary.
Memory allocated when passing the class by value, invokes the copy constructor.
Also beware, the default copy constructor may not give you the results you want
especially when dealing with pointers as the default copy constructor has no
knowledge of how to copy the contents of what the pointer points to.
To prohibit the use of the default copy constructor one can define a null assignment operator.
One can also write a proper copy constructor.
    ClassA& operator=(const ClassA& right_hand_side);
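A proper copy constructor and matching assignment operator for a class that holds a pointer, as an added example that is not part of the original page. The class Label and its members are hypothetical; each copy gets its own buffer, so no two destructors free the same memory.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical class owning a heap buffer through a raw pointer.
class Label {
public:
    explicit Label(const char* s) : text_(dup(s)) {}
    // Proper copy constructor: allocate new storage and copy the contents.
    Label(const Label& other) : text_(dup(other.text_)) {}
    // Assignment: copy first, then release, so self-assignment stays safe.
    Label& operator=(const Label& rhs) {
        if (this != &rhs) {
            char* fresh = dup(rhs.text_);
            delete[] text_;
            text_ = fresh;
        }
        return *this;
    }
    ~Label() { delete[] text_; }
    const char* c_str() const { return text_; }
    void set_first(char c) { if (text_[0] != '\0') text_[0] = c; }
private:
    static char* dup(const char* s) {
        std::size_t n = std::strlen(s) + 1;      // +1 for the terminating NUL
        char* p = new char[n];
        std::memcpy(p, s, n);
        return p;
    }
    char* text_;
};

// Passing by value invokes the copy constructor; the callee edits its own copy.
static bool by_value_changes_copy_only(Label copy, const Label& original) {
    copy.set_first('X');
    return copy.c_str() != original.c_str() && original.c_str()[0] != 'X';
}

bool copies_are_independent() {
    Label a("alpha");
    Label b(a);                      // copy constructor
    Label c("gamma");
    c = a;                           // assignment operator
    Label& alias = c; c = alias;     // self-assignment must be harmless
    b.set_first('B');
    return std::strcmp(a.c_str(), "alpha") == 0 &&
           std::strcmp(b.c_str(), "Blpha") == 0 &&
           std::strcmp(c.c_str(), "alpha") == 0 &&
           by_value_changes_copy_only(a, a);
}
```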
Good practice:
Use assert to check pointers before freeing or using:
Memory Corruption:
Memory corruption description: Memory is altered without an explicit assignment,
through the inadvertent and unexpected altering of data held in memory or the
altering of a pointer to a specific place in memory.
Buffer overflow:
Example 1:
Overwrite beyond allocated length - overflow.
    char *a = malloc(128 * sizeof(char));
    memcpy(a, data, dataLen);
Example 2:
Index of array out of bounds:
(array index overflow - index too large/underflow - negative index)
    ptr = (char *) malloc(strlen(string_A));
Overflow by one byte.
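Hardened counterparts to Example 1 and Example 2, as an added example that is not part of the original page. The helper names checked_copy, dup_string and overflow_demo are hypothetical, and the 200-byte input is constructed.

```cpp
#include <cstdlib>
#include <cstring>

// Example 1 hardened: copy only when dataLen fits in the destination.
// Returns true on success, false (copying nothing) when it would overflow.
bool checked_copy(char* dst, std::size_t dstLen,
                  const char* data, std::size_t dataLen) {
    if (dst == NULL || data == NULL || dataLen > dstLen) return false;
    std::memcpy(dst, data, dataLen);
    return true;
}

// Example 2 hardened: strlen() excludes the terminating NUL, so reserve +1.
// Returns malloc()'ed memory that the caller must free(), or NULL on failure.
char* dup_string(const char* string_A) {
    if (string_A == NULL) return NULL;
    std::size_t len = std::strlen(string_A);
    char* ptr = static_cast<char*>(std::malloc(len + 1));
    if (ptr == NULL) return NULL;
    std::memcpy(ptr, string_A, len + 1);   // copies the NUL as well
    return ptr;
}

// Constructed driver: a 128-byte heap buffer and a 200-byte input.
// Bit 1 = oversized copy accepted (bad), bit 2 = exact fit accepted,
// bit 4 = duplicated string is correctly terminated.
int overflow_demo() {
    char* a = static_cast<char*>(std::malloc(128 * sizeof(char)));
    if (a == NULL) return -1;
    char data[200];
    std::memset(data, 'A', sizeof data);
    int result = 0;
    if (checked_copy(a, 128, data, sizeof data)) result |= 1;  // must be refused
    if (checked_copy(a, 128, data, 128)) result |= 2;          // exactly fits
    std::free(a);
    char* s = dup_string("hello");
    if (s != NULL && std::strlen(s) == 5 && s[5] == '\0') result |= 4;
    std::free(s);
    return result;
}
```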
Using an address before memory is allocated and set:
In this case the memory location is NULL or random.
Using a pointer which is already freed:
    char *a = malloc(128 * sizeof(char));
    ... Do stuff. Probable overwriting of freed memory.
Freeing memory which has already been freed. Also applies to delete.
Freeing a pointer twice:
    char *a = malloc(128 * sizeof(char));
Freeing memory which was not dynamically allocated:
    struct ABC *abc_ptr = &abc;
Incorrect use of delete: The delete must match the use of new.
The pairing is new/delete and new [] / delete[]
    ClassABC *abc_ptr = new ClassABC[100];
Use of "delete abc_ptr" is an error.
Do not use malloc()/free() with a C++ class as it will not call the constructor
or destructor. Also malloc()/free() cannot be mixed with new/delete,
i.e. free() cannot be used to free memory allocated with new
and delete cannot be used to free memory allocated with malloc().
Exception Errors:
Freeing memory never allocated:
If you use a constructor to allocate memory but an exception is thrown
before all is allocated, the destructor needs to be aware of that fact or else
it may try to free memory which was never allocated.
Also the converse is true. If the destructor throws an exception, subsequent
steps which free memory may not be executed. This applies to the destructor
and all nested destructors which handle/re-throw the exception while the stack
unwinds.
BTW: Tying resources to the lifetime of the object is known as RAII (Resource Acquisition Is Initialization), where the resource allocation is done during object creation in the constructor and resource deallocation is done by the destructor.
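An added example, not from the original page, of a constructor that throws after its first allocation. Each member is an RAII owner (std::unique_ptr), so the part that was allocated is released and nothing that was never allocated is freed. Widget, Resource and the counter g_live are hypothetical names.

```cpp
#include <memory>
#include <stdexcept>

// Constructed for illustration: counts Resource objects currently alive.
static int g_live = 0;

struct Resource {
    Resource() { ++g_live; }
    ~Resource() { --g_live; }
};

// Hypothetical class acquiring two resources. If the constructor throws,
// members that were already constructed are destroyed automatically;
// Widget's own destructor does not run, so it has nothing to free by hand.
class Widget {
public:
    explicit Widget(bool fail_second)
        : first_(new Resource), second_(make_second(fail_second)) {}
private:
    static Resource* make_second(bool fail) {
        if (fail) throw std::runtime_error("second allocation failed");
        return new Resource;
    }
    std::unique_ptr<Resource> first_;   // declared first, constructed first
    std::unique_ptr<Resource> second_;
};

// Number of Resource objects still alive after a constructor that throws
// part-way through (0 means nothing leaked).
int live_after_failed_construction() {
    g_live = 0;
    try {
        Widget w(true);
    } catch (const std::runtime_error&) {
        // first_ was released while the exception unwound the constructor
    }
    return g_live;
}

// Same count after a normal construct/destroy cycle; -1 if both resources
// were not alive while the object existed.
int live_after_normal_lifetime() {
    g_live = 0;
    { Widget w(false); if (g_live != 2) return -1; }
    return g_live;
}
```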
Pointer persistence:
Function returning a pointer from the stack which can get overwritten
by the calling function (in this case main()):
    .. ii may be corrupt by this point.
This is also true for a local variable within the scope of only { and } as well
as for the scope of a function.
Incorrect passing of a function argument:
If the pointer is passed around as an argument and does not get passed
correctly, one may try to free the incorrect pointer.
Mixing the object base class and derived class:
If mixing the object base class and derived class
when passing an object by value as a function parameter, make sure that
you understand what may be lost.
    function_A(BaseClass baseClass_ptr)
    function_A(derivedClass_ptr);
Note that this is a cautionary warning to be careful and not necessarily an error as it depends on the intent and use. This can be used properly.
Copying an object:
Don't use memcpy() or any bit for bit copy function to copy an object.
It will not execute the class constructor. What kind of person would do this??
Passing an object in a va_arg() list will result in a bit for bit copy and
will not use the default copy constructor.