Definition
Plain language
The pool of memory a running program uses for data whose size isn't known in advance.
As stated in the literature
The region of dynamically allocated process memory; corruption of heap allocations via use-after-free, double-free, or buffer overflow is the dominant memory-safety vulnerability class targeted in this corpus.
Also called: heap allocation
Why it matters: Mishandling this memory is the most common source of serious security holes, making it a prime target for both attackers and bug-finding tools.
For example, when a program loads an image whose size it learns only at runtime, it sets aside heap memory to hold the pixels.
Heard on the show
“The "fat process" they measure is a Django sandbox with about three hundred and fifty megabytes of working directory and fifty megabytes of Python heap.”Episode 068 — The OS Trick That Makes Tree Search Practical for Coding Agents