MLK.MUST
Memory leak
The program did not release previously allocated memory and a reference to dynamic memory is lost at this point.
Vulnerability and risk
Memory leaks cause the application to consume additional memory. This reduces the amount of memory available to other applications and eventually causes the operating system to start paging, slowing the system down. In critical cases, the application will reach overall memory limits, which may result in application crashes.
Example 1
class A{
void foo();
};
void A::foo()
{
int *ptr = new int;
*ptr = 25;
ptr = new int;
*ptr = 35;
}
Klocwork produces a memory leak report for line 8, indicating that the dynamic memory stored in 'ptr' allocated through the function 'new' at line 6 is lost at line 8. In the above example, another memory leak is reported for line 10: the dynamic memory stored in 'ptr' allocated through the function 'new' at line 8 is lost at line 10.
External guidance
- CERT ERR57-CPP: Do not leak resources when handling exceptions
- CERT MEM00-C: Allocate and free memory in the same module, at the same level of abstraction
- CERT MEM12-C: Consider using a goto chain when leaving a function on error when using and releasing resources
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime