Date: Tue, 05 Aug 2008 09:58:40 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: "Shyamal Shukla" <shyamalshukla@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: memory allocation with malloc
Message-ID: <87ej54hrrz.fsf@kobe.laptop>
In-Reply-To: <eb50c26c0808042316yde39f60r7e68a89fb2cef9c6@mail.gmail.com> (Shyamal Shukla's message of "Tue, 5 Aug 2008 11:46:06 +0530")
References: <eb50c26c0808040629w252647f1m756f43a7aeba1ff9@mail.gmail.com> <eb50c26c0808042316yde39f60r7e68a89fb2cef9c6@mail.gmail.com>
On Tue, 5 Aug 2008 11:46:06 +0530, "Shyamal Shukla" <shyamalshukla@gmail.com> wrote:
> Hi All,
>
> I am trying to validate my understanding of how malloc works by means
> of the below C program, which tries to corrupt essential information
> maintained by malloc for the free() operation.
>
> The program allocates 4 12-byte blocks (internally 16 bytes are allocated
> for each 12-byte block). Hence the total allocated space was 48 bytes.
>
> As malloc maintains the (length of allocated block + 1) 4 bytes before the
> returned pointer (from malloc), I have manipulated this length for the first
> block and set it to 49, with the goal that a single free shall release all
> these 4 blocks and a subsequent malloc of 15 bytes shall be from the address
> of the first block.
>
> However, this does not happen. Can someone please correct my understanding
> and provide me with a reference to the working of malloc() and free()?

That's because the original assumption is false. You wrote that "malloc maintains the (length of allocated block + 1), 4 bytes before the returned pointer (from malloc)". But that is not really true for all malloc() implementations, and it certainly isn't true for the `jemalloc' implementation that FreeBSD 7.X and 8.0-CURRENT use.
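The only size-related property a program may rely on is the one it asked for; where an allocator keeps its bookkeeping is an implementation detail that differs between glibc's malloc and FreeBSD's jemalloc, as the reply above notes. The following program is an added example, not code from either poster: it repeats the 12-byte allocations from the question but asks the allocator what it actually reserved via malloc_usable_size(), which both glibc (<malloc.h>) and FreeBSD jemalloc (<malloc_np.h>) provide, instead of peeking at bytes before the pointer.

```c
/* Added example (not from the thread): query what the allocator really
 * reserved for a request instead of assuming a size word sits 4 bytes
 * before the returned pointer. Slack beyond the requested length is
 * allocator-specific and is not part of the malloc() contract. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __FreeBSD__
#include <malloc_np.h>   /* FreeBSD declares malloc_usable_size() here */
#else
#include <malloc.h>      /* glibc declares it here */
#endif

#define NBLOCKS 4
#define REQUEST 12       /* the 12-byte blocks from the original post */

struct probe {
    size_t requested;    /* what the program asked for */
    size_t usable;       /* what the allocator says may safely be used */
    size_t slack;        /* extra bytes the allocator rounded up to */
};

/* Allocate one block of n bytes, touch only those n bytes, and record what
 * the allocator reports. Returns 0 on success, -1 if malloc() failed. */
static int probe_block(size_t n, struct probe *out)
{
    unsigned char *p = malloc(n);
    if (p == NULL)
        return -1;
    memset(p, 0xA5, n);              /* stay strictly within the request */
    out->requested = n;
    out->usable = malloc_usable_size(p);
    out->slack = out->usable - n;
    free(p);
    return 0;
}

/* Usable size must never be smaller than the request; that is the only
 * portable guarantee. Returns 1 if it held for every block, 0 otherwise. */
static int usable_covers_request(size_t n, int nblocks)
{
    for (int i = 0; i < nblocks; i++) {
        struct probe pr;
        if (probe_block(n, &pr) != 0 || pr.usable < pr.requested)
            return 0;
    }
    return 1;
}

int main(void)
{
    struct probe pr;
    if (probe_block(REQUEST, &pr) != 0)
        return 1;
    printf("requested %zu, allocator reports %zu usable (%zu bytes slack)\n",
           pr.requested, pr.usable, pr.slack);
    printf("usable >= requested over %d blocks: %s\n", NBLOCKS,
           usable_covers_request(REQUEST, NBLOCKS) ? "held" : "violated");
    return 0;
}
```

The reported slack is 4 on FreeBSD's jemalloc for this request (16-byte class) but differs on glibc; the program does not assume either value.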