Module 4
Memory Issues in Linux Applications
Linux Debug Training © 2024 John O'Sullivan | Manas Marawaha is licensed under CC BY-SA 4.0
Memory management
Memory management is crucial in programming as it ensures efficient use of
system resources, stability, and performance.
Application programming mostly involves allocation and deallocation of
memory resources.
Proper memory management ensures optimal utilization and helps prevent
common memory issues.
Impact of memory issues in applications
Performance Degradation: Inefficient memory usage can slow down
applications, leading to sluggish user experiences.
System Instability and Crashes: Memory-related errors, like segmentation
faults, can cause application crashes or even system-wide instability.
Security Vulnerabilities: Memory vulnerabilities, such as buffer overflows,
can be exploited by attackers to compromise system security.
Common memory issues
Segmentation faults (segfaults)
Memory leaks
Buffer overflow
Use after free (dangling pointer dereference)
To address concerns stemming from the memory-unsafe nature of C/C++, CISA
recommends developers transition to memory-safe programming languages like
Rust.
Segmentation faults (segfaults)
A segmentation fault can happen when a program tries to access a non-existing
virtual memory segment, or an existing virtual memory segment in a way that
its attributes do not permit, for example:
Executing data in a non-executable segment.
Writing data to a read-only segment.
As a consequence, the kernel delivers the SIGSEGV signal to the offending
process, which usually results in the termination of the process.
Refer to the segfault example.
Memory Leaks
A memory leak is a condition that occurs when a program fails to release
memory that is no longer needed.
Memory leaks gradually consume available memory resources over time,
potentially causing performance degradation and eventual program crashes.
Common causes of memory leaks include not deallocating dynamically
allocated memory, losing references to memory blocks, and failing to release
resources properly.
Buffer overflow
A buffer overflow is a type of software vulnerability that occurs when a
program writes more data to a buffer (a temporary storage area) than it can
hold, causing the excess data to overflow into adjacent memory locations.
Two common types of buffer overflows are stack-based and heap-based,
depending on where the buffer is located in memory.
It can lead to memory corruption, program crashes, or unauthorized access to a
system, making it a significant security risk.
Memory Debugging Tools
Detecting and resolving memory issues is crucial for software development and
system management.
Various powerful tools are available to identify, diagnose, and address
memory-related problems.
This section explores these tools and techniques to enhance application and
system stability and performance.
Static analysis tools (clang analyzer)
A static analyzer is a software analysis tool that examines source code or
compiled code without executing it.
A static analyzer performs a comprehensive examination of code, including
analysis of code patterns, control flow, and data flow, to identify potential
issues, including memory-related problems and vulnerabilities.
Static analyzers help catch memory issues early in the development process,
reducing the likelihood of costly and disruptive issues later.
Valgrind
Valgrind is an instrumentation framework for building dynamic analysis tools.
It includes a suite of tools for memory debugging, memory leak detection, and
profiling.
Memcheck: Memory error detector (default tool)
Cachegrind: Cache profiler
Callgrind: Call graph profiler
Helgrind: Thread error detector
Massif: Heap profiler
Valgrind operates by running the program in a virtual machine ("valgrind
environment") that monitors and analyzes memory and CPU usage.
Because of the instrumentation added by Valgrind, execution slows down
significantly, making it suitable only for a debugging environment.
Valgrind memcheck tool
Memcheck is the default and most widely used tool in Valgrind. All reads and writes
of memory are checked, and calls to malloc/new/free/delete are intercepted. It
detects various memory-related errors such as:
Memory leaks: Identifying memory blocks that were allocated but not freed.
Uninitialized memory use: Detecting the use of uninitialized values.
Invalid memory access: Finding out-of-bounds array access and invalid pointer
dereferencing.
Bad frees of heap blocks (double frees, mismatched frees).
Overlapping source and destination pointers in memcpy and related functions.
manas@sandbox:~$ valgrind --tool=memcheck --leak-check=full <program>
Valgrind memcheck report
The snapshot of this memcheck report is taken from the memory leak example.
Valgrind with GDB
Valgrind uses a synthetic CPU, not the host CPU, making direct debugging
impossible. GDB interacts with Valgrind's gdbserver for full debugging within
Valgrind.
If you want to debug a program with GDB when using the Memcheck tool, start
Valgrind like this:
valgrind --vgdb=yes --vgdb-error=0 prog
Start GDB in another shell.
gdb prog
Attach GDB to the Valgrind gdbserver.
(gdb) target remote | vgdb
You can now debug your program, e.g. by inserting a breakpoint and then using the
GDB continue command.
Reference: https://valgrind.org/docs/manual/manual-core-adv.html
Sanitizer
The Sanitizer suite is a set of runtime analysis tools that helps find common
programming mistakes. It can detect issues like memory errors, undefined
behaviors, race conditions, and similar bugs.
Each sanitizer relies on compiler instrumentation and shadow memory or
similar techniques to find issues related to memory, threading, and undefined
behaviors in code.
A range of sanitizers are available for analysing both user-space code and
kernel code.
Major compilers, such as GCC and Clang, provide support for various
sanitizers.
GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
Clang: https://clang.llvm.org/docs/UsersManual.html#id47
Address Sanitizer (ASan)
AddressSanitizer (ASan) is a runtime memory error detector for C/C++.
While compiling the program ASan inserts runtime checks into the code to
detect memory errors.
ASan helps identify memory-related issues such as:
Use after free (dangling pointer dereference)
Heap buffer overflow
Stack buffer overflow
Global buffer overflow
Use after return
Use after scope
Initialization order bugs
Memory leaks
Address Sanitizer usage
Compile the code with the -fsanitize=address flag.
When a memory error is detected during runtime, ASan will print an error
message and a stack trace, indicating where the issue occurred.
Use ASan during development and testing and disable it in production builds
for optimal performance.
Memory Sanitizer (MSan)
MemorySanitizer (MSan) is a runtime uninitialized memory reads detector for
C/C++ programs.
MSan tracks memory initialization using shadow memory, where each byte is
mapped to indicate if it is initialized or uninitialized.
Compiler instrumentation inserts checks before memory accesses to detect and
report the following cases.
Uninitialized value was used in a conditional branch.
Uninitialized pointer was used for memory accesses.
Uninitialized value was passed or returned from a function call.
Uninitialized data was passed into some libc calls.
MSan support is only present in the Clang compiler.
Thread Sanitizer (TSan)
ThreadSanitizer is a tool that detects data races in C/C++ programs using the
pthread library.
A data race occurs when two threads access the same variable concurrently and
at least one of the accesses is a write.
Use -fsanitize=thread to add compiler instrumentation for TSan.
Upon finding a data race condition, TSan will print the error report.
Undefined Behavior Sanitizer (UBSan)
UBSan is a runtime error detection tool that identifies undefined behavior, for example:
Signed integer overflow.
Invalid shift operations, for example, shifting by a negative or too large
number.
Dereferencing misaligned or null pointers.
Type mismatch or invalid casts between different types.
Refer to the exhaustive list of undefined behaviors in this document.
UBSan instruments the code at compile time by adding checks to detect
undefined behavior at runtime.
Enable it with the -fsanitize=undefined compiler option. Refer to the GCC
or Clang documentation to choose from the different "undefined behavior"
compiler options.
When an issue is detected, it logs a detailed message with the type of
undefined behavior, source code location, and a backtrace.
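The checked helpers below are an added example (not part of the training material) showing the defensive counterpart of the undefined behaviors listed above: each refuses the operation and returns false instead of triggering a UBSan report. `__builtin_mul_overflow` is a GCC/Clang builtin; the byte buffer in the reader is constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example: checked counterparts of operations UBSan reports at runtime.
 * Each returns false instead of performing the undefined operation. */

/* Signed overflow: test the bounds before adding, never after. */
bool checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* GCC and Clang provide __builtin_*_overflow, which reports overflow
 * without ever computing the out-of-range value. */
bool checked_mul(int a, int b, int *out)
{
    return !__builtin_mul_overflow(a, b, out);
}

/* Left shift of a signed int is undefined for a negative or too-large
 * shift count, for a negative value, and when bits are shifted out. */
bool checked_shl(int value, int shift, int *out)
{
    const int width = (int)(sizeof(int) * CHAR_BIT);
    if (shift < 0 || shift >= width || value < 0)
        return false;
    if (shift > 0 && value > (INT_MAX >> shift))
        return false;                           /* result would not fit */
    *out = value << shift;
    return true;
}

/* Read a little-endian u32 from a byte buffer. Casting buf + off to
 * uint32_t* would be a misaligned access (UB, caught by -fsanitize=alignment);
 * assembling bytes is defined everywhere. The (uint32_t) casts matter:
 * buf[off + 3] << 24 promotes to int and overflows for bytes >= 0x80. */
bool read_u32_le(const unsigned char *buf, size_t len, size_t off, uint32_t *out)
{
    if (buf == NULL || out == NULL || off > len || len - off < 4)
        return false;                           /* null or out-of-bounds read */
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8)
         | ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return true;
}
```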
libefence
libefence is a lightweight library that helps to catch buffer overflows in
dynamically allocated buffers and use-after-free memory errors.
libefence allocates extra memory pages around dynamic memory blocks,
marking them as unreadable. It triggers a segmentation fault if the program
accesses memory beyond its allocated bounds.
It can either be linked statically into the program or preloaded using the
LD_PRELOAD environment variable.
A coredump is generated upon a segfault. This coredump can be opened with
GDB, pinpointing the exact location of the error.
Best Practices for Memory Management
Allocate Memory Dynamically When Needed: Only allocate memory dynamically
(e.g., using malloc or new) when necessary. Use stack memory for small, short-lived
variables.
Deallocate Memory Properly: Always release dynamically allocated memory using
free or delete when you're done with it to prevent memory leaks.
Avoid Manual Memory Management: Use higher-level abstractions and smart
pointers (in C++), whenever possible, to manage memory automatically. This reduces
the risk of memory leaks and other errors.
Check for Null Pointers: Before dereferencing a pointer, ensure it's not null (i.e.,
check for null pointer exceptions) to avoid crashes.
Bounds Checking: When working with arrays, use library functions or language
features to check bounds (e.g., in C++ use std::vector, in C use strncpy, snprintf,
etc.).
Avoid Memory Leaks: Regularly inspect and analyze your code for memory leaks
using tools like Valgrind or AddressSanitizer.
Understand Ownership: Clearly define ownership of objects and memory.
Understand who is responsible for allocating and deallocating memory and follow
ownership patterns consistently.
Defensive Programming: Practice defensive programming by validating input
parameters, checking return values from memory allocation functions, and handling
errors gracefully.
Code Reviews: Conduct code reviews to catch memory management issues early, as
they can be challenging to debug once they occur.
Move to memory-safe programming: Consider prioritizing memory-safe
programming languages like Rust over C and C++ for all future development efforts.
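The following is an added example (not code from the training material) that puts several of these practices together: an explicit ownership rule, a snprintf bounds check that rejects input which would overflow the fixed-size field (the buffer overflow case from earlier), a checked allocation, and a single cleanup path so that no block is leaked when a later step fails (the memory leak case). The `user_record` type and field sizes are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 16
/* Constructed record type: the fixed-size name field is the kind of buffer
 * an unchecked strcpy() overflows; `note` is heap memory the record owns. */
struct user_record {
    char name[NAME_MAX_LEN];
    char *note;
};

/* Ownership rule: whoever calls user_record_new() must call user_record_free().
 * A NULL record is a no-op so error paths can call this unconditionally. */
void user_record_free(struct user_record *r)
{
    int saved = errno;      /* free() may touch errno; keep the caller's cause */
    if (r != NULL) {
        free(r->note);      /* free(NULL) is harmless if note was never set */
        free(r);
    }
    errno = saved;
}

/* Returns a new record, or NULL with errno set. Every failure path releases
 * what was allocated before it, so nothing leaks when a later step fails. */
struct user_record *user_record_new(const char *name, const char *note)
{
    if (name == NULL || note == NULL) { errno = EINVAL; return NULL; }
    size_t note_len = strlen(note) + 1;
    struct user_record *r = calloc(1, sizeof *r);
    if (r == NULL) return NULL;               /* allocation can fail: check it */

    /* snprintf never writes past the buffer and always NUL-terminates; its
     * return value reveals whether the input was too long for the field. */
    int n = snprintf(r->name, sizeof r->name, "%s", name);
    if (n < 0 || (size_t)n >= sizeof r->name) {
        errno = ENAMETOOLONG; goto fail;      /* would have overflowed: reject */
    }
    r->note = malloc(note_len);
    if (r->note == NULL) goto fail;           /* r itself must still be freed */
    memcpy(r->note, note, note_len);
    return r;

fail:
    user_record_free(r);                      /* single cleanup path */
    return NULL;
}
```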
References
Refer to these instructions for enabling coredump.
Clang Static Analyzer.
https://clang-analyzer.llvm.org/
Valgrind with GDB.
https://valgrind.org/docs/manual/manual-core-adv.html
Address Sanitizer flags.
https://github.com/google/sanitizers/wiki/addresssanitizerflags