5.1.18 · HinglishC Programming

Common memory errors — null dereference, buffer overflow, use-after-free, double free, memory leak

2,033 words9 min readRead in English

5.1.18 · Coding › C Programming

YE errors exist hi kyun karte hain?

Ek managed language (Python, Java) mein runtime har object ko track karta hai: woh arrays ko bounds-check karta hai, jaanta hai kab memory free hai, aur garbage-collect karta hai. C tumpar poora trust karta hai. Ek pointer sirf ek 64-bit integer hota hai jo ek byte address ko naam deta hai. CPU khushi-khushi jo bhi address tum dete ho woh read/write kar leta hai. Toh "errors" koi language exceptions nahi hote — yeh undefined behaviour (UB) hote hain: program crash ho sakta hai, data corrupt ho sakta hai, ya kaam karta hua dikhe (sabse khatarnak case).


Paanch errors — KIYA kya hai har ek ne

Error KYA hua Jo jhooth tum maante rahe
Null dereference *p use kiya jahan p == NULL tha "p kisi object ko point kar raha hai"
Buffer overflow Array ke end ke baad likha "array itna bada hai"
Use-after-free free(p) ke baad memory use ki "p abhi bhi valid hai"
Double free free(p) do baar kiya "maine ise sirf ek baar free kiya"
Memory leak malloc ke baad koi matching free nahi "OS saaf kar lega"
Figure — Common memory errors — null dereference, buffer overflow, use-after-free, double free, memory leak

1. Null dereference

WHY yeh hota hai: malloc tab NULL return karta hai jab allocation fail ho jaaye; uninitialised ya "reset" pointers aksar NULL hote hain. OS page 0 ko unmapped mark karta hai, isliye use touch karne par trap hota hai → segfault.


2. Buffer overflow

WHY yeh itna khatarnak hai: C arrays ke saath unki length store nahi hoti. End ke baad likhne se adjacent variables, stack par saved return addresses, ya heap metadata clobber ho jaata hai — yeh classic security exploit hai.


3. Use-after-free (UAF)

WHY yeh dard deta hai: free(p) p ko change nahi karta — yeh sirf block ko allocator ko wapas karta hai. p ab ek dangling pointer hai. Allocator woh block agले malloc ko de sakta hai, toh tumhara "purana" pointer silently kisi aur ke data ko alias karta hai.


4. Double free

WHY yeh khatarnak hai: modern allocators bookkeeping (size, next-free) inline store karte hain; do baar free karne se ek attacker un structures ko corrupt kar sakta hai (the "double-free exploit").


5. Memory leak

WHY yeh matter karta hai: baaki errors ke ulta, yeh aksar immediately crash nahi karta — yeh dheere dheere process ki memory badhata rehta hai jab tak system thrash na kare ya OOM-killer strike na kare. Long-running servers mein ek chota sa leak bhi fatal hota hai.


KAISE bachein paanch errors se (the 80/20 core)


Flashcards

free(p) variable p ke saath khud kya karta hai?
Kuch nahi — p purana (ab dangling) address rakhta hai; free sirf block ko allocator ko wapas karta hai.
free ke baad p = NULL; karna itni powerful habit kyun hai?
free(NULL) guaranteed no-op hai, isliye yeh double free rokta hai, aur baad mein *p karna silent use-after-free ki jagah detectable null deref ban jaata hai.
N bytes ka buffer L length ki C string hold karta hai; kya condition hold karni chahiye?
(+1 terminating \0 ke liye hai).
Undefined behaviour kya hota hai?
Aisa behaviour jis par C standard koi requirement impose nahi karta; compiler assume kar sakta hai ki yeh hota hi nahi, isliye bugs crash kar sakte hain, kaam kar sakte hain, ya silently corrupt kar sakte hain.
Use-after-free aur double free mein fark kya hai?
UAF = freed memory ko dereference karna; double free = ek hi address par free do baar call karna.
Conservation terms mein memory leak kya hai?
Allocations reachable blocks ke frees se zyada hain (A > F); ek block jiska aakhri pointer free kiye bina kho gaya.
char buf[8] mein strcpy(buf,"hello world") kyun overflow karta hai?
Source 12 bytes hai (11 chars + \0) lekin buf sirf 8 hold karta hai; woh end ke baad 4 bytes likhta hai.
malloc se null dereference rokne ke liye kaunsa ek check kaafi hai?
Returned pointer use karne se pehle if (p == NULL) test karo.
int a[5] par loop karne ke liye kaunsi condition overflow rokti hai?
i < 5 (valid indices 0..4), i <= 5 nahi.

Recall Feynman: ek 12-saal ke bachche ko samjhao

Socho memory ek lockers ki line hai. Ek pointer ek sticky note hai jis par locker number likha hai. Null deref: note par likha hai "locker 0" jo exist hi nahi karta — tum andar haath daalo aur deewar se takrao (crash). Buffer overflow: tumhara samaan tumhare locker se bada hai, toh woh padosi ke locker mein gir jaata hai aur unka sab kuch barbaad kar deta hai. Use-after-free: tumne apna locker gym ko wapas de diya, lekin note rakha aur abhi bhi khol rahe ho — ab andar kisi aur ke moje hain. Double free: tum gym ko do baar bolte ho "yeh locker lo wapas" — gym ki record book confused ho jaati hai. Memory leak: tumne lockers rent kiye aur saari notes phek di, toh koi kabhi unhe khali nahi kar sakta, aur gym ke lockers dheere dheere khatam hone lagte hain. Golden rule: ek rent karo, ek baar wapas karo, aur sticky note jalaao (NULL set karo) jis pal wapas karo.


Connections

  • Pointers in C — har memory error ek aisa pointer hai jo galat jagah point kar raha hai.
  • malloc and free — woh heap allocator jiske rules hum todh dete hain.
  • Stack vs Heap Memory — overflow stack frames / return addresses corrupt karta hai.
  • Undefined Behaviour — umbrella consequence.
  • Valgrind and AddressSanitizer — woh tools jo runtime par paanch errors detect karte hain.
  • Buffer Overflow Exploits — security angle.
  • Strings in C and the null terminator — woh byte.

Concept Map

leads to

root cause

manifests as

manifests as

manifests as

manifests as

manifests as

from

because

enables

after

calls twice

missing

C no memory supervision

Undefined Behaviour

Bad pointer use

Null dereference

Buffer overflow

Use-after-free

Double free

Memory leak

malloc returns NULL

Arrays store no length

Security exploit

free called