scs@adam.mit.edu (Steve Summit) (02/26/91)
In article <1991Feb26.024207.26167@wpi.WPI.EDU> fenn@wpi.WPI.EDU (Brian Fennell) writes:
>how does free know how much to free?

*Four!* Our four weapons are... Ahem.

YA FAQ list teaser:

55. How does free() know how many bytes to free?

A: The malloc/free package remembers the size of each block it allocates and returns, so it is not necessary to remind it of the size when freeing.

Security on adam is not tight; clearly some underground hacker's organization, for inscrutable purposes of its own, has broken in and stolen a copy of next month's greatly-expanded FAQ list, and is now trickling out its new questions, from random accounts around the country, just to torment me...

Steve Summit
scs@adam.mit.edu

Maybe I should just post the darn thing a week early...
gah@hood.hood.caltech.edu (Glen Herrmannsfeldt) (02/28/91)
Many free()'s store the length at the address right before the allocated space. (Often aligned on a nice boundary.) If you reference element -1 in your malloc'ed array, you may destroy the length, and cause lots of strange effects.
cjkuo@locus.com (Chengi Jimmy Kuo) (03/01/91)
gah@hood.hood.caltech.edu (Glen Herrmannsfeldt) writes:
>Many free()'s store the length at the address right before the
 malloc()
>allocated space. (Often aligned on a nice boundary.)
>If you reference element -1 in your malloc'ed array, you may
 write into [-1] or [-2]
>destroy the length, and cause lots of strange effects.

Jimmy Kuo
--
cjkuo@locus.com
"The correct answer to an either/or question is both!"
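
The size-before-the-block layout discussed in the posts above, as an added example that is not part of the original thread: a toy wrapper over malloc() that shows how the size is recovered on free and how a write to element -1 can be caught. The header layout, the check word and the names toy_malloc, toy_free, demo_underwrite and HDR_MAGIC are assumptions for illustration, not any real allocator's format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header kept just before the pointer handed to the caller. */
typedef struct {
    size_t size;   /* payload bytes requested: how free "knows" */
    size_t check;  /* size ^ HDR_MAGIC, so a clobbered header is noticed */
} hdr_t;

#define HDR_MAGIC ((size_t)0x5A5AA5A5u)  /* constructed constant */
size_t toy_last_freed;  /* size recovered by the latest successful toy_free */

void *toy_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;  /* size overflow */
    hdr_t *h = malloc(sizeof(hdr_t) + n);
    if (!h) return NULL;
    h->size = n;
    h->check = n ^ HDR_MAGIC;
    return h + 1;  /* caller sees only the payload */
}

/* 0 on success; -1 if the header fails its check (block is not released). */
int toy_free(void *p) {
    if (!p) return 0;
    hdr_t *h = (hdr_t *)p - 1;  /* step back to the header */
    if ((h->size ^ HDR_MAGIC) != h->check) return -1;
    toy_last_freed = h->size;
    free(h);
    return 0;
}

/* Writes element -1 of a size_t array, as in the thread, then frees. */
int demo_underwrite(void) {
    size_t *a = toy_malloc(4 * sizeof *a);
    if (!a) return 1;
    a[-1] = 0;             /* lands on hdr_t.check; a[-2] would hit size */
    int rc = toy_free(a);  /* mismatch detected */
    free((hdr_t *)a - 1);  /* release the raw block directly */
    return rc;
}

int main(void) {
    void *p = toy_malloc(100);
    int rc = toy_free(p);
    printf("free rc=%d size=%zu underwrite rc=%d\n", rc, toy_last_freed, demo_underwrite());
    return 0;
}
```

Without the check word, toy_free would trust whatever value sits in the header, which is the source of the "strange effects" mentioned in the thread.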