Exploitation goes as follows: if an application copies data into a heap chunk (a block of memory handed out by the allocator) without first checking that the data fits, an attacker can supply a piece of data that is too large and overwrite the heap management information (metadata) stored in the header of the next chunk. In allocators that keep this metadata inline next to the user data, such as Doug Lea's dlmalloc and its derivatives, the forged metadata is later trusted by the allocator's own bookkeeping, for example when the corrupted chunk is freed and unlinked from a doubly linked free list; the unlink operation then writes an attacker-chosen pointer-sized value (four bytes on a 32-bit system) to an attacker-chosen memory location. In most environments this is enough to take control of program execution, for example by overwriting a function pointer or a saved return address.
Recent releases of GNU libc (whose allocator, ptmalloc, is derived from the Doug Lea allocator) can detect heap overflows after the fact: before unlinking a chunk they check that its neighbours in the free list point back to it, and abort the process if they do not, so the overflow is caught when the corrupted metadata is used rather than when it is written. The DieHard allocator prevents library-based heap overflows and reduces the likelihood of a heap overflow having any effect on a running program. DieHard also makes it impossible to overwrite heap metadata by storing it separately from the heap.
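The following C program is an added example, not code from the article or from glibc, illustrating both paragraphs above: an unchecked copy into one chunk overwrites the inline metadata of the chunk behind it, a dlmalloc-style unlink then turns the forged forward and backward pointers into a pointer-sized write at an address of the attacker's choosing, and the two countermeasures (a length check on the copy, and glibc-style verification of the free-list neighbours before unlinking) each stop it. The chunk layout, the `saved_handler` variable standing in for a trusted pointer such as a function pointer or GOT entry, the arena, and the attacker input are all constructed for this example and simplified compared with real allocators.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy chunk header with inline metadata in the spirit of dlmalloc/ptmalloc.
 * The layout is an assumption of this example, not glibc's real struct. */
struct chunk {
    size_t size;          /* usable bytes in data[] */
    struct chunk *fd;     /* free-list forward link (meaningful when free) */
    struct chunk *bk;     /* free-list backward link */
    unsigned char data[]; /* user data immediately follows the header */
};
#define DATA_SZ 32
#define CHUNK_SZ (sizeof(struct chunk) + DATA_SZ)

/* Arena: chunk A, chunk B directly behind it, then a buffer the attacker
 * controls (the "payload"). The union keeps the overlay pointer-aligned. */
static union { unsigned char bytes[3 * CHUNK_SZ]; void *align; } arena;

/* Stand-in for a pointer the program trusts (function pointer, GOT entry);
 * typed as struct chunk * so the overlay store below matches its type. */
static struct chunk *saved_handler;

static struct chunk *chunk_at(size_t idx) {
    return (struct chunk *)(arena.bytes + idx * CHUNK_SZ);
}

/* A and B allocated, each in a consistent one-element circular free list. */
static void heap_reset(void) {
    memset(&arena, 0, sizeof arena);
    for (size_t i = 0; i < 2; i++) {
        struct chunk *c = chunk_at(i);
        c->size = DATA_SZ;
        c->fd = c->bk = c;
    }
    saved_handler = NULL;
}

/* The bug: copies n bytes into a chunk without checking n against its size. */
static void copy_unchecked(struct chunk *c, const unsigned char *src, size_t n) {
    memcpy(c->data, src, n);
}

/* The fix for the copy: refuse anything that does not fit. */
static int copy_checked(struct chunk *c, const unsigned char *src, size_t n) {
    if (n > c->size) return -1;
    memcpy(c->data, src, n);
    return 0;
}

/* dlmalloc-style unlink as run by free(): two pointer-sized stores whose
 * addresses and values both come from the chunk's own metadata. */
static void unlink_unsafe(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    fd->bk = bk; /* stores bk at fd + offsetof(bk): the arbitrary write */
    bk->fd = fd; /* stores fd at bk + offsetof(fd): collateral clobber */
}

/* glibc-style "safe unlinking": both neighbours must point back at p. */
static int unlink_checked(struct chunk *p) {
    struct chunk *fd = p->fd, *bk = p->bk;
    if (fd->bk != p || bk->fd != p) return -1; /* glibc: "corrupted double-linked list" */
    fd->bk = bk;
    bk->fd = fd;
    return 0;
}

#define HARDEN_COPY   1
#define HARDEN_UNLINK 2
enum { OUTCOME_CLEAN, OUTCOME_HIJACKED, OUTCOME_COPY_REJECTED, OUTCOME_UNLINK_REFUSED };

/* Overflow A into B's header, then "free" B; hardening is a HARDEN_* bitmask. */
static int run_scenario(int hardening) {
    heap_reset();
    struct chunk *a = chunk_at(0), *b = chunk_at(1), *payload = chunk_at(2);
    memset(payload, 0x90, CHUNK_SZ); /* constructed attacker-controlled bytes */
    /* Constructed input: A's 32 data bytes, then a forged header for B whose
     * fd makes fd->bk alias saved_handler and whose bk is the payload. */
    struct chunk forged = {
        .size = DATA_SZ,
        .fd = (struct chunk *)((unsigned char *)&saved_handler - offsetof(struct chunk, bk)),
        .bk = payload,
    };
    unsigned char input[DATA_SZ + sizeof(struct chunk)];
    memset(input, 'A', DATA_SZ);
    memcpy(input + DATA_SZ, &forged, sizeof forged);
    if (hardening & HARDEN_COPY) {
        if (copy_checked(a, input, sizeof input) < 0) return OUTCOME_COPY_REJECTED;
    } else {
        copy_unchecked(a, input, sizeof input); /* B's size/fd/bk are now forged */
    }
    if (hardening & HARDEN_UNLINK) {
        if (unlink_checked(b) < 0) return OUTCOME_UNLINK_REFUSED;
    } else {
        unlink_unsafe(b);
    }
    return saved_handler == payload ? OUTCOME_HIJACKED : OUTCOME_CLEAN;
}

int main(void) {
    printf("no hardening:   outcome %d\n", run_scenario(0));
    printf("checked copy:   outcome %d\n", run_scenario(HARDEN_COPY));
    printf("safe unlinking: outcome %d\n", run_scenario(HARDEN_UNLINK));
    return 0;
}
```

Without hardening the forged `bk` value lands in `saved_handler`, and the second store of the unlink scribbles a pointer into the payload at `offsetof(struct chunk, fd)`, which is why real exploits of this technique begin their payload with a short jump over those bytes. The unlink check only detects the corruption at free time, after the overflow has already happened, which is the "after the fact" detection the text describes; the length check stops the overflow itself.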