Gray Hat Hacking: The Ethical Hacker's Handbook
PART IV
Chapter 14: Advanced Reverse Engineering
Figure 14-3 IDA-generated flowchart for sub_80487EB
Dynamic memory allocation takes place in a program's heap space. Programs should return
all dynamically allocated memory to the heap manager at some point. When a program
loses track of a memory block by modifying the last pointer reference to that block, it no
longer has the ability to return that block to the heap manager. This inability to free an
allocated block is called a memory leak. While memory leaks may not lead directly to
exploitable conditions, the leaking of a sufficient amount of memory can exhaust the
memory available in the program heap. At a minimum this will generally result in some
form of denial of service.
Each of these types of memory problems has been known to cause various vulnerable
conditions from program crashes to remote code execution.
valgrind
valgrind is an open source memory debugging and profiling system for Linux x86 program
binaries.
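The leak described above, as an added example that is not from the book: one function overwrites the last pointer to a heap block, the other frees the block first, and a counter shows how many blocks each leaves behind. The function names, the allocation counter and the request string are hypothetical and constructed for this illustration.

```c
/* Added example: store_leaky, store_fixed and the t_alloc counter are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static size_t live_blocks = 0;           /* allocated but not yet freed */

static void *t_alloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void  t_free(void *p)   { if (p) { live_blocks--; free(p); } }

/* Copy msg into a heap buffer, growing from a small default when needed.
 * LEAKY: on the grow path `buf` is overwritten while it still holds the only
 * reference to the first block, so that block can never be freed. */
static char *store_leaky(const char *msg) {
    size_t need = strlen(msg) + 1;
    char *buf = t_alloc(16);
    if (!buf) return NULL;
    if (need > 16) {
        buf = t_alloc(need);             /* last reference to the 16-byte block lost */
        if (!buf) return NULL;
    }
    memcpy(buf, msg, need);
    return buf;
}

/* FIXED: release the old block before the pointer is reassigned. */
static char *store_fixed(const char *msg) {
    size_t need = strlen(msg) + 1;
    char *buf = t_alloc(16);
    if (!buf) return NULL;
    if (need > 16) {
        t_free(buf);
        buf = t_alloc(need);
        if (!buf) return NULL;
    }
    memcpy(buf, msg, need);
    return buf;
}

/* Handle `n` constructed requests; return blocks still allocated afterwards. */
size_t leaked_after(char *(*store)(const char *), int n) {
    size_t before = live_blocks;
    for (int i = 0; i < n; i++)
        t_free(store("constructed request longer than sixteen bytes"));
    return live_blocks - before;
}

int main(void) {
    printf("leaky: %zu blocks lost\n", leaked_after(store_leaky, 1000));
    printf("fixed: %zu blocks lost\n", leaked_after(store_fixed, 1000));
}
```

Running the compiled program under `valgrind --leak-check=full` reports the 16-byte blocks from `store_leaky` as definitely lost, while the `store_fixed` path contributes no leaked blocks.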