On Sun, Jan 31, 2016 at 07:22:05PM +0000, Rainer Weikusat wrote:
> Hendrik Boom <[email protected]> writes:
> 
> [...]
> 
> > After that there are probably a variety of data structures that can 
> > keep track of all the allocations and free spaces.  On the Linuxes I've 
> > been using, malloc seems to keep its administrative data far removed 
> > from the memory it is allocating.  So although it's easy to clobber 
> > one's data structures by indexing slightly out of bounds, one is 
> > less likely to clobber malloc's administrative data.
> 
> The 8 bytes immediately in front of the allocated address are seemingly
> used to hold the block size. Running this program with an argument of
> 256 causes free to make noises about heap corruption on my system.

Very interesting.  That's the way I would have expected malloc to work, 
but years ago it seemed to behave differently.  I seem to remember 
storage areas being allocated in consecutive locations.  Maybe malloc 
has changed; maybe there are multiple different mallocs; maybe it does 
different things with different block sizes; maybe the story is even 
more complicated.

-- hendrik

> 
> -----
> #include <stdlib.h>
> 
> /* Deliberately overwrites part of the 8-byte size word that malloc keeps
>    just before the returned block; free() then detects the corruption. */
> int main(int argc, char **argv)
> {
>     char *p;
> 
>     if (argc < 2)
>         return 1;
>     p = malloc(atoi(argv[1]));
>     if (!p)
>         return 1;
>     p[-7] = 0;   /* write into malloc's header, not into the block */
>     free(p);
>     
>     return 0;
> }
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
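Rainer's program writes into the size word in front of the block; as an added example (not from this thread), the program below only reads that word and checks it against the rounding glibc's ptmalloc applies and against malloc_usable_size(). It assumes 64-bit glibc; the chunk-size arithmetic and the flag-bit mask are glibc-specific, and the header check is skipped on other C libraries.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __GLIBC__
#include <malloc.h>   /* malloc_usable_size() */
#endif

/* Chunk size glibc ptmalloc reserves on 64-bit: request + 8-byte size word,
 * rounded up to 16, minimum 32 (assumption: 64-bit glibc; other allocators differ). */
size_t expected_chunk_size(size_t request)
{
    size_t sz = (request + sizeof(size_t) + 15) & ~(size_t)15;
    return sz < 4 * sizeof(size_t) ? 4 * sizeof(size_t) : sz;
}

/* Read, never write, the size word in the 8 bytes before the block: the field
 * a store to p[-7] clobbers. Low 3 bits are flags (PREV_INUSE etc.), masked off. */
size_t read_chunk_size(const void *p)
{
    size_t word;
    memcpy(&word, (const char *)p - sizeof(size_t), sizeof word);
    return word & ~(size_t)7;
}

/* 1 if the header before a fresh malloc(request) equals the expected chunk size
 * and malloc_usable_size() agrees (usable = chunk - size word); 0 on mismatch;
 * -1 when not on glibc (check skipped). */
int header_matches(size_t request)
{
#ifdef __GLIBC__
    char *p = malloc(request);
    if (!p) return 0;
    size_t hdr = read_chunk_size(p);
    int ok = hdr == expected_chunk_size(request)
          && malloc_usable_size(p) == hdr - sizeof(size_t);
    free(p);
    return ok;
#else
    return -1;
#endif
}

int main(void)
{
    size_t sizes[] = {1, 24, 25, 100, 256};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("malloc(%zu): expected chunk %zu, header check %d\n",
               sizes[i], expected_chunk_size(sizes[i]), header_matches(sizes[i]));
    return 0;
}
```

For malloc(256) the header reads 272 and malloc_usable_size() reports 264, which is why a one-byte store at p[-7] lands inside the size word rather than in padding.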
