memory leaks - suhajitsaha.com
Write-up

Exploiting & Troubleshooting Memory Leaks – 1

Image for post

Memory management is the process of usage of memory from our machine by the application and release the memory when in no use.

Memory leaks are unnoticed and not cause any harm initially,but once leaks are strong they can cause high latencies and crashes of our application.

According to OWASP :

A memory leak is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed. The consequences of such an issue depend on the application itself. Consider the following general three cases:

CaseDescription of Consequence
Short Lived User-land ApplicationLittle if any noticable effect. Modern operating system recollects lost memory after program termination.
Long Lived User-land ApplicationPotentially dangerous. These applications continue to waste memory over time, eventually consuming all RAM resources. Leads to abnormal system behavior.
Kernel-land ProcessVery dangerous. Memory leaks in the kernel level lead to serious system stability issues. Kernel memory is very limited compared to user land memory and should be handled cautiously.

A developer is responsible for assigning and releasing the memory.Some of the ways of memory management.

  1. Manual Management: Here, The programming language does not provide any automated tools to do any memory management.

C/ C++ uses this approach by providing methods like malloc() and free() to interact with machine memory.

    2.  Garbage Collection: Programmers no need to worry about freeing the memory as most of the modern languages come up with inbuilt garbage collectors (JavaScript, JVM based languages, Golang,Python, Ruby etc.

3. Ownership: In this approach, each variable have its owner and once the owner goes out of scope, the value in the variable will be wiped off and releasing the memory. Rust uses such an approach for memory management.

We are focused into JavaScript and Node JS so we will be focused on Garbage Collector. Garbage collector runs periodically and checks the allocation of memory by using an algorithm called “Mark and sweep”.Reference Counting is an algorithm which is used by python and PHP.

Mark and Sweep algorithm creates roots which are global variables in the environment (window objects)  and it traverses the tree from roots to leaf nodes and mark all objects it encounters. Any memory not taken up by marked objects in the heap is marked as free.

Browsers like chrome provide a variety of solutions to the memory crisis by providing specialized tools to the developers. Using Chrome task manager you can easily manage and keep track of the heap memory(allocated to JS) as well as DOM nodes. It informs you about how much memory the page is using in totality. If the Memory is increasing that means more and more DOM nodes are getting created.

co nsole 
s 
Elernents 
i 
Sources 
Summary 
Constructor 
Network Performance Memory 
Applicaüon 
Security 
Lighthouse 
Class filter 
All Objects 
Distance 
HEAP SNAPSHOTS 
Snapshot 1 
7.9 MB 
(system) 04187 
*.0bject *11793 
Saye > (closure) x24017 
(array) x6184 
(string) 
system / Context 0118 
Window x 52 
InternalNode 
EventListener 
x 273 
V8EventListener x84 
Window / x8 
(compiled code) *6994 
Window / 
•Array x1429 
Array 
"9551 
> Array @112987 
Array 
0251213 0 
Array 
e.4øse7 0 
Array 
"8749 
Array 
@214681 0 
Array 
eaø.427 
Array 
@142167 0 
2 
4 
4 
Shallow Size 
2 729 936 
229 564 
724 752 
1 508400 
1 988 456 
97 340 
1 524 
288 
420 144 
36 
22 864 
16 
16 
16 
16 
16 
16 
16 
16 
16 
35% 
3% 
9% 
19% 
25% 
1% 
0% 
0% 
0% 
0% 
0% 
5% 
0% 
0% 
0% 
0% 
0% 
0% 
0% 
0% 
0% 
0% 
Retained Size 
3 410 712 
3002924 
2 987 376 
2 199 388 
1 988 576 
1 791088 
1 743264 
1 237 176 
1 216 724 
1 216 724 
1 169 348 
774 820 
491 664 
158 092 
9 044 
9 044 
9 044 
6 460 
6 460 
6 460 
6 320 
6 320 
6 320 
43% 
38 % 
38 % 
28 % 
25 % 
23 % 
22 % 
16% 
15% 
15% 
15% 
10% 
6% 
2% 
0% 
0%

We can compare the different snapshots by changing the page state’s and make sure no refresh occurs or else it will completely wipe the memory and waste our efforts.

Reference : https://developers.google.com/web/tools/chrome-devtools/memory-problems

Also we can use heapdump library

To install: npm i heapdump

curl –location –request GET ‘http://localhost:4000/heapdump

We are making the API call to take a heapdump. This heapdump will contains all the objects which GC wasn’t able to collect.

Once you get your hands on both the heapdumps (fresh and long running server) we can start comparing.

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a common denial of service attack (by crashing the program) or come up with different attack vectors by taking advantage of leaks.

If you are new try https://github.com/s3r10usB14ck/JS-memory-leak-Lab  , start debugging with Chrome Dev tools and find the leakage.

https://hackerone.com/reports/783360

Oscar Wilde once said “Memory is the diary that we all carry about with us”.

Share via
Copy link