OWASP Developer Guide
Memory Management
12.1.8 Memory Management
Here is a collection of Do’s and Don’ts when it comes to memory management, gathered from practical experiences.
- Check that the buffer is as large as specified
- When using functions that accept a number of bytes to copy, such as
strncpy()
, be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string - Check buffer boundaries if calling the function in a loop and make sure there is no danger of writing past the allocated space
- Truncate all input strings to a reasonable length before passing them to the copy and concatenation functions
- Specifically close resources, do not rely on garbage collection. (for example connection objects, file handles, etc.)
- Properly free allocated memory upon the completion of functions and at all exit points.
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.