Because most heap overflows corrupt a malloc() data structure to obtain control, some work has been done in the area of protective canaries for various malloc() implementations , similar in theory to stack canaries, but these have not yet caught on in most malloc() implementations (FreeBSD is the only one at the time of writing that has this simple check, for example). Even if heap canaries become commonplace, some heap overflows don't work by manipulating the malloc() implementation, and many programs will continue to be vulnerable.