CMemLeak is a small tool for detecting memory leaks in C programs. It does not replace and is not as good as the commercially available tools. However, it is free and can be used in any environment.
CMemLeak will not detect:
- Array bounds Reads
- Free Memory Reads
- Stack Violations
- Stack corruption
It does this by redefining these routines. An example of usage can be seen in the test program LeakTest.c. If the program terminates normally, a report will be printed in the file CMemLeak.txt. It does this by using atexit. This means that, if the program exits using _exit, the report will have to be forced by explicitly calling XWBReportFinal.
- Just include CMemLeak.h in all your source files and CMemLeak.c in your code. If _DEBUG is defined, the memory leak code will be activated.
- An alternative: #include CMemLeak.h in malloc.h. Then there is no need to include it in every file; it will be pulled in automatically by the files that use malloc.
The program may run a lot slower if there are lots of allocations and deallocations.
Tracking Heap Corruption
Call XWBNoFree() at the start of the program. Then, call XWBReport at key points. If the program crashes because the heap is getting corrupted, call XWBNoFree(), followed by XWBPreallocate(500), where 500 is the number of allocations you expect before the crash. If it is insufficient, CMemLeak will automatically grow the allocation buffer at the risk of itself getting corrupted.
CMemLeak relies on known patterns being written into memory. No single pattern can be unique; every so often, the program's own data will be the same as the pattern chosen.
- Guards for checking illegal memory writes. These are put at the end of the memory block. If the program writes outside its allocated memory, the guard will not contain this value.
static const char xwbProtect[] = "DeAd";
- Uninitialized memory. This value is used just after a memory block has been allocated. Pick a value that will cause the most problems. VC++ uses 0xCC.
static const unsigned char xwbUninit = 0x55;
- Clean memory. This value is used just after a memory block has been deallocated. Pick a value which will cause the most problems.
static const unsigned char xwbFreed = 0xAA;
- Report file.
static const char xwbReportFilename[] = "CMemLeak.txt";
Understanding the Leak Report
The leak report uses a 3-letter abbreviation to indicate the type of leak, as described in the following table.
|Code|Meaning|Description|
|---|---|---|
|FNH|Free Non Heap Memory|Caused by freeing memory that has already been freed, freeing memory that should not be freed, freeing memory that has not been allocated with malloc, and so forth|
|FMW|Free Memory Write|Writing to memory after it has been freed|
|IMW|Illegal Memory Write|Writing outside an allocated block. Basically, the guards have been trampled|
|MLK|Memory Leak|A straight memory leak|
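The guard and fill patterns configured earlier are what make the IMW and FMW conditions detectable; the following sketch is an added example, not CMemLeak's own code, that shows the mechanism. The pattern values are the article's, while every `dbg_*` name, the header layout and the choice to keep a block allocated after it is retired are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern values are the article's; every dbg_* name is hypothetical. */
static const char dbg_guard[] = "DeAd";             /* trailing guard */
enum { GUARD_LEN = 4, UNINIT = 0x55, FREED = 0xAA };
/* Header in front of each block; the union keeps user data aligned. */
typedef union { size_t size; max_align_t align; } dbg_hdr;

/* Allocate size bytes, fill them with UNINIT and append the guard. */
void *dbg_malloc(size_t size) {
    if (size > SIZE_MAX - sizeof(dbg_hdr) - GUARD_LEN) return NULL;
    dbg_hdr *h = malloc(sizeof *h + size + GUARD_LEN);
    if (h == NULL) return NULL;
    h->size = size;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user, UNINIT, size);
    memcpy(user + size, dbg_guard, GUARD_LEN);
    return user;
}

/* 1 if the guard after the block is intact, 0 if trampled (IMW). */
int dbg_guard_ok(const void *p) {
    const dbg_hdr *h = (const dbg_hdr *)p - 1;
    return memcmp((const char *)p + h->size, dbg_guard, GUARD_LEN) == 0;
}

/* Poison with FREED but keep the block, so a later write stays visible. */
void dbg_retire(void *p) { memset(p, FREED, ((dbg_hdr *)p - 1)->size); }
/* 1 if a retired block holds only FREED bytes, 0 on a late write (FMW). */
int dbg_retired_ok(const void *p) {
    const unsigned char *b = p;
    for (size_t i = 0; i < ((const dbg_hdr *)p - 1)->size; i++)
        if (b[i] != FREED) return 0;
    return 1;
}
void dbg_release(void *p) { if (p) free((dbg_hdr *)p - 1); } /* real free */

int main(void) {
    char *s = dbg_malloc(8);
    if (s == NULL) return 1;
    memcpy(s, "12345678", 9);        /* the NUL lands on the guard's 'D' */
    puts(dbg_guard_ok(s) ? "guard ok" : "IMW: guard trampled");
    dbg_release(s);
    return 0;
}
```

If the stray byte written at `s[8]` were `'D'` instead of the NUL, `dbg_guard_ok` would still return 1, which is the pattern collision the article warns about.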
Sample Leak Report
In the report below, as well as a memory leak, the heap is being corrupted on line 45. The second column shows the address of the allocated memory, or, if it was freed/reallocated, the identifier.
```
DummyTest: after allocations
MLK: 00431D50 40 bytes allocated D:\algo\memleak\leaktest.c: 33
MLK: 00431C50 40 bytes allocated D:\algo\memleak\leaktest.c: 34
MLK: 00431BA0 40 bytes allocated D:\algo\memleak\leaktest.c: 35
Total allocations : 3
Max memory allocation: 120 (0K)
Total leak : 120
FNH: ok deallocated D:\algo\memleak\leaktest.c: 45
IMW: imw allocated D:\algo\memleak\leaktest.c: 34
   : imw deallocated D:\algo\memleak\leaktest.c: 48
Final Report
MLK: 00431BA0 40 bytes allocated D:\algo\memleak\leaktest.c: 35
MLK: 00431640 32 bytes allocated D:\algo\memleak\leaktest.c: 72
MLK: 00431AF0 40 bytes allocated D:\algo\memleak\leaktest.c: 94
...
Total allocations : 113
Max memory allocation: 812 (0K)
Total leak : 760
```