Memory corruption
   HOME

TheInfoList



Click Here for Items Related To - Memory corruption
OR:
Memory corruption on:   [Wikipedia]   [Google]   [Amazon]

Memory corruption occurs in a
computer program A computer program is a sequence or set of instructions in a programming language for a computer to execute. Computer programs are one component of software, which also includes documentation and other intangible components. A computer program ...
when the contents of a
memory location In computing, a memory address is a reference to a specific memory location used at various levels by software and hardware. Memory addresses are fixed-length sequences of digits conventionally displayed and manipulated as unsigned integers. S ...
are modified due to programmatic behavior that exceeds the intention of the original programmer or program/language constructs; this is termed as violation of
memory safety safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers. For example, Java is said to be memory-safe because its runtime error ...
. The most likely causes of memory corruption are programming errors (software bugs). When the corrupted memory contents are used later in that program, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.{{Cite web, last=Radich, first=Q., last2=Sherer, first2=T., last3=Sharkey, first3=K., last4=Batchelor, first4=D., last5=Kennedy, first5=J. T., last6=Mabee, first6=D., last7=Coulter, first7=D., last8=Michael, first8=S., date=28 April 2021, title=Application Verifier (Windows 7 and Windows Server 2008 R2 Application Quality Cookbook) - Win32 apps, publisher=Microsoft Developer Network, url=https://docs.microsoft.com/en-us/windows/win32/win7appqual/application-verifier, access-date=2022-02-09, language=en-us Modern programming languages like C and
C++ C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...
have powerful features of explicit memory management and
pointer arithmetic In computer science, a pointer is an object in many programming languages that stores a memory address. This can be that of another value located in computer memory, or in some cases, that of memory-mapped computer hardware. A pointer ''ref ...
. These features are designed for developing efficient applications and system software. However, using these features incorrectly may lead to memory corruption errors. Memory corruption is one of the most intractable class of programming errors, for two reasons: #The source of the memory corruption and its manifestation may be far apart, making it hard to correlate the cause and the effect. #Symptoms appear under unusual conditions, making it hard to consistently reproduce the error. Memory corruption errors can be broadly classified into four categories: #Using uninitialized memory: Contents of uninitialized memory are treated as garbage values. Using such values can lead to unpredictable program behavior. #Using non-owned memory: It is common to use pointers to access and modify memory. If such a pointer is a null pointer,
dangling pointer Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type. These are special cases of memory safety violations. More generally, dangling references and wild references ar ...
(pointing to memory that has already been freed), or to a memory location outside of current stack or heap bounds, it is referring to memory that is not then possessed by the program. Using such pointers is a serious programming flaw. Accessing such memory usually causes operating system exceptions, that most commonly lead to a program crash (unless suitable memory protection software is being used). #Using memory beyond the memory that was allocated (
buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memo ...
): If an array is used in a loop, with incorrect terminating condition, memory beyond the array bounds may be accidentally manipulated. Buffer overflow is one of the most common programming flaws exploited by computer viruses, causing serious
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
issues (e.g. return-to-libc attack, stack-smashing protection) in widely used programs. In some cases programs can also incorrectly access the memory before the start of a buffer. #Faulty heap memory management:
Memory leak In computer science, a memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released. A memory leak may also happen when an object ...
s and freeing non-heap or un-allocated memory are the most frequent errors caused by faulty heap memory management. Many
memory debugger Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembered, ...
s such as Purify,
Valgrind Valgrind () is a programming tool for memory debugging, memory leak detection, and profiling. Valgrind was originally designed to be a free memory debugging tool for Linux on x86, but has since evolved to become a generic framework for crea ...
,
Insure++ Insure++ is a memory debugger computer program, used by software developers to detect various errors in programs written in C and C++. It is made by Parasoft, and is functionally similar to other memory debuggers, such as Purify, Valgrind an ...
,
Parasoft C/C++test Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development pract ...
,
AddressSanitizer AddressSanitizer (or ASan) is an open source programming tool that detects memory corruption bugs such as buffer overflows or accesses to a dangling pointer (use-after-free). AddressSanitizer is based on compiler instrumentation and directly ma ...
are available to detect memory corruption errors.


See also

*
Storage violation In computing a storage violation is a hardware or software fault that occurs when a task attempts to access an area of computer storage which it is not permitted to access. Types of storage violation Storage violation can, for instance, consist ...


References


External links


Memory Corruption Tutorial
An introduction to exploitation techniques and protection mechanisms Software bugs Computer memory Computer security exploitsbr>