Anand Babu <[EMAIL PROTECTED]> wrote:

| ARGH!  This code worked on another machine.  I suppose the
| randomness of the compile/memory usage would allow the value read
| from the invalid pointer to still be correct for other machines.

| Memory de-allocation routines usually don't take extra effort to
| destroy the content. They just de-reference the pointer.

Just to be nitpicking: Dereferencing a pointer means accessing the memory area it points to, i.e. either "*ptr = 5" or "ptr->foo = 42".

| In this case, because the free'd pointer is referenced immediately, it
| never faulted.

It did fail on my system, though; otherwise I wouldn't have found it. I was a bit surprised myself, because I'd have expected the free() only to remove the allocated memory from some internal control structures, but not to have any immediate effect on the actual buffer contents. I can only suspect that some magical gcc optimization algorithm threw away the original pointer after the free().

| Compilers usually can't see these bugs.

Bugs like this one could be easily detected; gcc has a great many much more sophisticated algorithms for similar situations. Unfortunately dereference-after-free bugs are hardly ever as obvious as in this case.

| I will use some memory debuggers to catch such errors and report soon.

Good idea. Running the code in Valgrind might be a great start.

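As an added illustration of the read-after-free pattern discussed in this thread (example code, not from the freeipmi sources or either poster), the buggy ordering is shown next to the corrected one; `struct record` and the `record_*` functions are constructed for this example. The buggy function is only shown, never called, because executing it is undefined behaviour even when it appears to return the right value.

```c
/* Added example (not from the thread): a read-after-free of the kind
 * discussed above, next to the corrected ordering. The buggy variant is
 * only shown; calling it is undefined behaviour, so it is never executed. */
#include <stdio.h>
#include <stdlib.h>

struct record {
    int id;
    char name[32];
};

/* BUGGY: reads rec->id after free(). Often "works" because free() does not
 * scrub the bytes, but the allocator may reuse or overwrite them at any
 * time. Valgrind reports this as an invalid read. */
int record_id_after_free_BUGGY(struct record *rec)
{
    free(rec);
    return rec->id;   /* use after free: undefined behaviour */
}

/* CORRECT: copy what is still needed out of the block before releasing it,
 * then clear the caller's pointer so a later accidental use is a NULL
 * dereference (which faults) rather than a silent read of stale memory. */
int record_id_then_free(struct record **recp)
{
    int id = (*recp)->id;  /* read while the block is still valid */
    free(*recp);
    *recp = NULL;          /* no dangling pointer survives the call */
    return id;
}

/* Helper so the corrected pattern can be exercised end to end. */
int lookup_and_release(int id, const char *name)
{
    struct record *rec = malloc(sizeof *rec);
    if (rec == NULL)
        return -1;
    rec->id = id;
    snprintf(rec->name, sizeof rec->name, "%s", name);
    return record_id_then_free(&rec);  /* rec is NULL after this */
}

int main(void)
{
    printf("id = %d\n", lookup_and_release(42, "constructed sample"));
    return 0;
}
```

Running the binary under `valgrind` flags the BUGGY variant only if it is actually called, so a test suite that exercises every code path is what makes such tools useful.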

Freeipmi-devel mailing list