Is it possible to free leaked memory from another process?

Question

I have this simple test C program which leaks 4 bytes of memory:

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int* x = malloc(sizeof(int));
    printf( "Address: %p\n", x);
    return 0;
}

I compile it with gcc -o leak leak.c, and then run it:

$ leak
Address: 0x55eb2269a260

Then I create another test C program that will try to free the leaked memory:

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    void *addr = (void*)0x55eb2269a260;
    printf( "Trying to free address: %p\n", addr);
    free(addr);
    return 0;
}

I compile it with gcc -o myfree free.c and then run it:

$ myfree
Trying to free address: 0x55eb2269a260
Segmentation fault (core dumped)

What is happening here? Why is it not possible to free the leaked memory?

Answer 1

Assuming we are talking about Unix-like operating systems (this also applies to Windows and the majority of other modern operating systems)...

What is happening here? Why is it not possible to free the leaked memory?

First of all: every running process have it's own virtual address space (or VAS). This VAS is a way the operating system have to lay out and organize the physical memory between different processes. It ranges from 0x0 to 0xFFFFFFFF on 32 bits processors and contains all the memory of the process - its code, static data, stack, heap, etc, it is all in the process VAS. A virtual address (or VA) is a specific address inside the virtual address space.

When you allocate memory with malloc the system will search for a valid unallocated memory on the process heap and if it finds, return a pointer of it (i.e. malloc essentially returns a virtual address).

After the process ends its VAS will be automatically "freed" by the operating system, so that memory is no longer valid, or allocated in that matter. Asides that, each process have its own virtual address space. You can not directly access a process VAS (virtual address space) using a VA (virtual address) of another process - by doing that what you actually end up doing is trying to access that VA in the running process which in your example is very likely to result in an unhandled ACCESS_VIOLATION exception and crashes the process.

Answer 2

Each process has its own virtual memory space due to process isolation. Memory addresses in one process are not the same memory addresses in another process. You cannot just access dynamic memory by the address in another process.

Answer 3

Just to complete the answer of dedecos, the virtual address space of a process is always different for a different process in the same machine. This means that what for process A is at 0x55eb2269a260, in process B has no counterpart. No address at Process B matches the same memory as it does for process A. So then, it's impossible to address from B any of the addresses of process A.

The thing is that there is a memory manager at the operating system kernel that handles processes memory to be always disjoint, so even if two processes have the same variable at the same address, those variables are different (e.g. two versions of ls command executing at the same time will have the data segment at the same address, as the linker put it there) their address spaces (the same data addresses, for example) map to different memory pages for each process. This way, you can run the same program several times in parallel without clashing their data segments.

Operating systems offer ways for two processes to share a memory segment, so they can share common data, but even in that case, the addresses of both visuals of the same segment haven't to be placed at the same address (as one of those processes can have occupied the address given to the other for something else), so the conclusion is that what an address means for a process is not valid outside it.