garbage collection - Order of memory disposal and GC in C# -

what happens in c# when:

1) method gets invoked. 2) method allocates memory (e.g. memorystream mm = new memorystream()). 3) exception occurs in method caught invoking classes. 

does resource "mm" gets freed garbage collector? security risk (e.g. dos)?

p.s.: know best practice explicitely free allocated resource. mean use "using"-statement or "try/catch/finally"-block.

does resource "mm" freed garbage collector?

once dead, yes. gc run , free memory if unreferenced.

is security risk?

let's precise in our terminology. asset of value: private data, user's time, , on. attacker wishes harm asset. threat manner in attacker harm. vulnerability aspect of scenario taken advantage of attacker make threat.

to answer question need know:

• what asset?
• who attacker?
• what threat attacker poses asset?
• what vulnerability can attacker take advantage of make threat?

only once state answers questions can possibly know whether failure release memory buffer upon exception security risk.

for real-world example, asset television, attacker thief, threat theft, , vulnerability unlocked second floor window , ladder in garage. ladder , window both part of vulnerability threat. however, neither of them vulnerability threat of, say, arson. cannot determine risk of particular aspect of situation until know realistic threat is!

i know best practice explicitly free allocated resource.

it practice explicitly clean unmanaged resources, file handles controlled operating system. typically let garbage collector clean managed memory.