Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access.
Types of memory errors
Access errors: invalid read/write of a pointer
- Buffer over-read — out-of-bound reads can reveal sensitive data or help attackers bypass address space layout randomization.
- Buffer overflow — out-of-bound writes can corrupt the content of adjacent objects, or internal data or return addresses.
- Race condition — concurrent reads/writes to shared memory
- Invalid page fault — accessing a pointer outside the virtual memory space. A null pointer dereference will often cause an exception or program termination in most environments, but can cause corruption in operating system kernels or systems without memory protection, or when use of the null pointer involves a large or negative offset.
- Use after free — dereferencing a dangling pointer storing the address of an object that has been deleted.
Memory leak — when memory usage is not tracked or tracked incorrectly.
- Stack exhaustion — occurs when a program runs out of stack space, typically because of too deep recursion. A guard page typically halts the program, preventing memory corruption, but functions with large stack frames may bypass the page.
- Heap exhaustion — the program tries to allocate more memory than the amount available. In some languages, this condition must be checked for manually after each allocation.
- Double free — repeated calls to free may prematurely free a new object at the same address. If the exact address has not been reused, other corruption may occur, especially in allocators that use free lists.
- Invalid free — passing an invalid address to free can corrupt the heap.