Did you see the post where someone had reversed engineered some key encryption/obfuscation(?) function from the Android app which was just a substitution cypher and had a 66 byte memory leak on every call?
It has been deleted! It was posted on r/programmerhumor two days ago (had "reverse engineered" in the title), there was a post about how the original post was deleted, and now everything is private.
The gist was that the function started out with a (fixed-size!) malloc, then copied the source key while applying the substitution cypher into the buffer, and then returned the result of calling a JNI function (NewStringUTF, IIRC) with the buffer, but did not actually free the buffer (which wasn't necessary in the first place). And this function apparently gets called quite often.
