From owner-freebsd-questions@FreeBSD.ORG Tue Aug 5 06:58:57 2008
From: Giorgos Keramidas
To: "Shyamal Shukla"
Cc: freebsd-questions@freebsd.org
Date: Tue, 05 Aug 2008 09:58:40 +0300
Subject: Re: memory allocation with malloc
Message-ID: <87ej54hrrz.fsf@kobe.laptop>
In-Reply-To: (Shyamal Shukla's message of "Tue, 5 Aug 2008 11:46:06 +0530")
List-Id: User questions
On Tue, 5 Aug 2008 11:46:06 +0530, "Shyamal Shukla" wrote:
> Hi All,
>
> I am trying to validate my understanding of how malloc works by means
> of the below C program which tries to corrupt essential information
> maintained by malloc for free() operation.
>
> The program allocates 4 12-byte blocks (internally 16 bytes are allocated
> for each 12-byte block). Hence the total allocated space was 48 bytes.
>
> As malloc maintains the (length of allocated block + 1), 4 bytes before the
> returned pointer (from malloc), I have manipulated this length for the first
> block and set it to 49 with the goal that a single free shall release all
> these 4 blocks and a subsequent malloc of 15 bytes shall be from the address
> of first block.
>
> However, this does not happen. Can someone please correct my understanding
> and provide me with a reference to the working of malloc() and free()?

That's because the original assumption is false. You wrote that "malloc
maintains the (length of allocated block + 1), 4 bytes before the returned
pointer (from malloc)". But that is not really true for all malloc()
implementations, and it certainly isn't true for the `jemalloc'
implementation that FreeBSD 7.X and 8.0-CURRENT use.
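The allocator geometry the question reasons about can be measured instead of assumed. The C program below is an added example, not code from either poster: it allocates the four 12-byte blocks from the question and reports, through the non-standard `malloc_usable_size()` (glibc `<malloc.h>`, FreeBSD jemalloc `<malloc_np.h>`), how many bytes each block really owns and how far apart consecutive blocks land, without reading or writing anything outside the returned pointers. Whether a length word sits 4 bytes before the pointer, and how requests are rounded, is a property of whichever allocator is linked in, which is the reply's point.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#if defined(__FreeBSD__)
#  include <malloc_np.h>   /* jemalloc's malloc_usable_size() */
#else
#  include <malloc.h>      /* glibc's malloc_usable_size() */
#endif
#define NBLOCKS 4          /* the question allocates four 12-byte blocks */

struct layout {
    size_t requested;              /* bytes asked of malloc() */
    size_t usable[NBLOCKS];        /* bytes the allocator really reserved */
    intptr_t spacing[NBLOCKS - 1]; /* address distance from block i to i+1 */
    int overlap;                   /* 1 if two usable ranges intersect */
};

/* Allocate NBLOCKS blocks of `req` bytes, record their real geometry, free them.
 * Only the returned pointers and malloc_usable_size() are consulted. Returns 0, or -1 on failure. */
static int probe_layout(size_t req, struct layout *out)
{
    uintptr_t a[NBLOCKS];
    *out = (struct layout){ .requested = req };
    for (int i = 0; i < NBLOCKS; i++) {
        a[i] = (uintptr_t)malloc(req);
        if (a[i] == 0) {
            while (i-- > 0) free((void *)a[i]);
            return -1;
        }
        out->usable[i] = malloc_usable_size((void *)a[i]);
    }
    for (int i = 0; i < NBLOCKS; i++) {
        if (i + 1 < NBLOCKS) out->spacing[i] = (intptr_t)(a[i + 1] - a[i]);
        for (int j = 0; j < NBLOCKS; j++)   /* [a, a + usable) must be disjoint */
            if (i != j && a[j] < a[i] + out->usable[i] && a[i] < a[j] + out->usable[j])
                out->overlap = 1;
    }
    for (int i = 0; i < NBLOCKS; i++) free((void *)a[i]);
    return 0;
}
int main(void)
{
    struct layout l;
    if (probe_layout(12, &l) != 0) return 1;
    for (int i = 0; i < NBLOCKS; i++)
        printf("block %d: requested %zu, usable %zu bytes\n", i, l.requested, l.usable[i]);
    for (int i = 0; i + 1 < NBLOCKS; i++)
        printf("block %d -> %d: %td bytes apart\n", i, i + 1, (ptrdiff_t)l.spacing[i]);
    printf("usable ranges overlap: %s\n", l.overlap ? "yes" : "no");
    return 0;
}
```

On a 64-bit glibc system the usable size and spacing come out larger than the 16 bytes the question expects, and on FreeBSD's jemalloc the blocks sit in a 16-byte size class with no per-block header in front of them.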