Re: double free
From: Eric Sosman (Eric.Sosman_at_sun.com)
Date: 07/01/04
- In reply to: weaselboy1976: "double free"
Date: Thu, 01 Jul 2004 16:29:33 -0400
weaselboy1976 wrote:
> Hello
>
> Does anyone know of a good website that actually describes and
> demonstrates WHY freeing a pointer more than once is a problem. I'm
> specifically interested in what the ill effects are.
Others have mentioned the likelihood of corrupting
the data structures malloc() and friends use to keep track
of memory. But even if no such corruption occurs, it's
easy to see that trouble can ensue:

    ptr1 = malloc(size);    // suppose we get "Area A"
    ...
    free (ptr1);            // Area A ready for re-use
    ...
    ptr2 = malloc(size);    // suppose we get Area A again
    ...
    free (ptr1);            // second free(); Area A released
    ...
    ptr3 = malloc(size);    // acquire Area A a third time

Now you've got both ptr2 and ptr3 pointing to the same area
of memory. So when you do

    strcpy (ptr2, "green");    // stores "green" in Area A
    strcpy (ptr3, "red");      // overwrites it with "red"
    printf ("Push the %s button immediately!\n",
            emergency_in_progress() ? ptr3 : ptr2);

you will be responsible for the meltdown of the nuclear power
plant, and the subsequent release of radiation that mutates
your weaselly offspring into giant ferrets. Be warned!
-- Eric.Sosman@sun.com
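
Added example, not part of the original post: a toy fixed-block pool allocator that replays the sequence above with defined behaviour, so the aliasing can be observed safely. The names pool, pool_alloc, pool_free and replay are hypothetical, and the LIFO free list is an assumption about allocator behaviour. It shows that a free-list membership check accepts the second free of ptr1, because Area A is live as ptr2 at that moment, while clearing ptr1 after the first free prevents the aliasing.

```c
/* Toy allocator for illustration; every name here is hypothetical. */
#include <string.h>

#define NBLOCKS 4
#define BLOCK_SIZE 32

/* A free block keeps the free-list link inside its own bytes. */
typedef union block { union block *next; char data[BLOCK_SIZE]; } block;
typedef struct { block blocks[NBLOCKS]; block *free_list; } pool;

static void pool_init(pool *p) {
    p->free_list = NULL;
    for (int i = NBLOCKS - 1; i >= 0; i--) {   /* list order: block 0 first */
        p->blocks[i].next = p->free_list;
        p->free_list = &p->blocks[i];
    }
}

static void *pool_alloc(pool *p) {             /* pop the list head (LIFO) */
    block *b = p->free_list;
    if (b) p->free_list = b->next;
    return b;
}

/* Returns -1 if the block is already on the free list, 0 otherwise.
 * This check can only see frees of blocks that are currently free. */
static int pool_free(pool *p, void *ptr) {
    if (!ptr) return 0;                        /* like free(NULL): no-op */
    for (block *b = p->free_list; b; b = b->next)
        if ((void *)b == ptr) return -1;       /* immediate double free */
    ((block *)ptr)->next = p->free_list;       /* push onto the free list */
    p->free_list = ptr;
    return 0;
}

/* Replays the post's sequence. null_after_free=1 clears ptr1 after the
 * first free. Returns 1 if ptr2 and ptr3 alias and ptr2 now reads "red";
 * *second_free receives pool_free's verdict on the second free of ptr1. */
static int replay(int null_after_free, int *second_free) {
    pool p; pool_init(&p);
    char *ptr1 = pool_alloc(&p);               /* Area A */
    pool_free(&p, ptr1);                       /* Area A ready for re-use */
    if (null_after_free) ptr1 = NULL;          /* caller-side discipline */
    char *ptr2 = pool_alloc(&p);               /* Area A again */
    *second_free = pool_free(&p, ptr1);        /* the second free */
    char *ptr3 = pool_alloc(&p);               /* Area A a third time? */
    strcpy(ptr2, "green");
    strcpy(ptr3, "red");
    return ptr2 == ptr3 && strcmp(ptr2, "red") == 0;
}
```

Without the null assignment, replay reports aliasing even though pool_free accepted the second free as valid; the membership check only rejects a second free made while the block is still on the free list.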