Common memory errors — null dereference, buffer overflow, use-after-free, double free, memory leak
5.1.18· Coding › C Programming
YE errors exist hi kyun karte hain?
Ek managed language (Python, Java) mein runtime har object ko track karta hai: woh arrays ko bounds-check karta hai, jaanta hai kab memory free hai, aur garbage-collect karta hai. C tumpar poora trust karta hai. Ek pointer sirf ek 64-bit integer hota hai jo ek byte address ko naam deta hai. CPU khushi-khushi jo bhi address tum dete ho woh read/write kar leta hai. Toh "errors" koi language exceptions nahi hote — yeh undefined behaviour (UB) hote hain: program crash ho sakta hai, data corrupt ho sakta hai, ya kaam karta hua dikhe (sabse khatarnak case).
Paanch errors — KIYA kya hai har ek ne
| Error | KYA hua | Jo jhooth tum maante rahe |
|---|---|---|
| Null dereference | *p use kiya jahan p == NULL tha |
"p kisi object ko point kar raha hai" |
| Buffer overflow | Array ke end ke baad likha | "array itna bada hai" |
| Use-after-free | free(p) ke baad memory use ki |
"p abhi bhi valid hai" |
| Double free | free(p) do baar kiya |
"maine ise sirf ek baar free kiya" |
| Memory leak | malloc ke baad koi matching free nahi |
"OS saaf kar lega" |

1. Null dereference
WHY yeh hota hai: malloc tab NULL return karta hai jab allocation fail ho jaaye; uninitialised ya "reset" pointers aksar NULL hote hain. OS page 0 ko unmapped mark karta hai, isliye use touch karne par trap hota hai → segfault.
2. Buffer overflow
WHY yeh itna khatarnak hai: C arrays ke saath unki length store nahi hoti. End ke baad likhne se adjacent variables, stack par saved return addresses, ya heap metadata clobber ho jaata hai — yeh classic security exploit hai.
3. Use-after-free (UAF)
WHY yeh dard deta hai: free(p) p ko change nahi karta — yeh sirf block ko allocator ko wapas karta hai. p ab ek dangling pointer hai. Allocator woh block agले malloc ko de sakta hai, toh tumhara "purana" pointer silently kisi aur ke data ko alias karta hai.
4. Double free
WHY yeh khatarnak hai: modern allocators bookkeeping (size, next-free) inline store karte hain; do baar free karne se ek attacker un structures ko corrupt kar sakta hai (the "double-free exploit").
5. Memory leak
WHY yeh matter karta hai: baaki errors ke ulta, yeh aksar immediately crash nahi karta — yeh dheere dheere process ki memory badhata rehta hai jab tak system thrash na kare ya OOM-killer strike na kare. Long-running servers mein ek chota sa leak bhi fatal hota hai.
KAISE bachein paanch errors se (the 80/20 core)
Flashcards
free(p) variable p ke saath khud kya karta hai?
p purana (ab dangling) address rakhta hai; free sirf block ko allocator ko wapas karta hai.free ke baad p = NULL; karna itni powerful habit kyun hai?
free(NULL) guaranteed no-op hai, isliye yeh double free rokta hai, aur baad mein *p karna silent use-after-free ki jagah detectable null deref ban jaata hai.N bytes ka buffer L length ki C string hold karta hai; kya condition hold karni chahiye?
\0 ke liye hai).Undefined behaviour kya hota hai?
Use-after-free aur double free mein fark kya hai?
Conservation terms mein memory leak kya hai?
char buf[8] mein strcpy(buf,"hello world") kyun overflow karta hai?
\0) lekin buf sirf 8 hold karta hai; woh end ke baad 4 bytes likhta hai.malloc se null dereference rokne ke liye kaunsa ek check kaafi hai?
if (p == NULL) test karo.int a[5] par loop karne ke liye kaunsi condition overflow rokti hai?
i < 5 (valid indices 0..4), i <= 5 nahi.Recall Feynman: ek 12-saal ke bachche ko samjhao
Socho memory ek lockers ki line hai. Ek pointer ek sticky note hai jis par locker number likha hai. Null deref: note par likha hai "locker 0" jo exist hi nahi karta — tum andar haath daalo aur deewar se takrao (crash). Buffer overflow: tumhara samaan tumhare locker se bada hai, toh woh padosi ke locker mein gir jaata hai aur unka sab kuch barbaad kar deta hai. Use-after-free: tumne apna locker gym ko wapas de diya, lekin note rakha aur abhi bhi khol rahe ho — ab andar kisi aur ke moje hain. Double free: tum gym ko do baar bolte ho "yeh locker lo wapas" — gym ki record book confused ho jaati hai. Memory leak: tumne lockers rent kiye aur saari notes phek di, toh koi kabhi unhe khali nahi kar sakta, aur gym ke lockers dheere dheere khatam hone lagte hain. Golden rule: ek rent karo, ek baar wapas karo, aur sticky note jalaao (NULL set karo) jis pal wapas karo.
Connections
- Pointers in C — har memory error ek aisa pointer hai jo galat jagah point kar raha hai.
- malloc and free — woh heap allocator jiske rules hum todh dete hain.
- Stack vs Heap Memory — overflow stack frames / return addresses corrupt karta hai.
- Undefined Behaviour — umbrella consequence.
- Valgrind and AddressSanitizer — woh tools jo runtime par paanch errors detect karte hain.
- Buffer Overflow Exploits — security angle.
- Strings in C and the null terminator — woh byte.