how does free() know how much to free?

Chengi Jimmy Kuo cjkuo at locus.com
Fri Mar 1 08:58:27 AEST 1991


gah at hood.hood.caltech.edu (Glen Herrmannsfeldt) writes:

>Many free()'s store the length at the address right before the
      malloc()
>allocated space.  (Often aligned on a nice boundary.)
>If you reference element -1 in your malloc'ed array, you may
        write into [-1] or [-2]
>destroy the length, and cause lots of strange effects.

Jimmy Kuo
-- 
cjkuo at locus.com
"The correct answer to an either/or question is both!"
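
The layout discussed in this thread, as an added example that is not part of the original post: a toy wrapper that keeps the length in a header just before the returned pointer, plus a check word so that a write to element [-1] or [-2] is detected at free time. The names `hdr_t`, `toy_malloc`, `toy_free`, `demo_underwrite` and the `GUARD_KEY` constant are hypothetical; real allocators use their own header formats.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical header stored immediately before each user block. */
typedef struct {
    size_t size;   /* length of the user region: what a[-2] aliases */
    size_t guard;  /* check word derived from size: what a[-1] aliases */
} hdr_t;

#define GUARD_KEY ((size_t)0x5bd1e995u)  /* constructed constant */

static size_t guard_for(const hdr_t *h) {
    return h->size ^ GUARD_KEY ^ (size_t)(uintptr_t)h;
}

void *toy_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;  /* size overflow */
    hdr_t *h = malloc(sizeof(hdr_t) + n);
    if (!h) return NULL;
    h->size = n;
    h->guard = guard_for(h);
    return h + 1;  /* caller sees only the bytes after the header */
}

/* Returns the number of user bytes released, or -1 if the header
 * no longer matches its check word (the block is then left alone). */
long toy_free(void *p) {
    if (!p) return 0;
    hdr_t *h = (hdr_t *)p - 1;  /* step back to find the length */
    if (h->guard != guard_for(h)) return -1;
    long n = (long)h->size;
    free(h);
    return n;
}

/* Flips the word at a[idx] (idx is -1 or -2) the way an array
 * underwrite would, then reports whether toy_free noticed (1 = yes). */
int demo_underwrite(int idx) {
    size_t *a = toy_malloc(4 * sizeof *a);
    if (!a) return -2;
    a[idx] = ~a[idx];  /* lands inside the header */
    int detected = (toy_free(a) == -1);
    free((hdr_t *)a - 1);  /* release the underlying block for real */
    return detected;
}
```
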


