From: Derek Ragona
To: "Shyamal Shukla", freebsd-questions@freebsd.org
Date: Wed, 06 Aug 2008 12:24:05 -0500
Subject: Re: memory allocation with malloc

At 01:16 AM 8/5/2008, Shyamal Shukla wrote:
>Hi All,
>
>    I am trying to validate my understanding of how malloc works by means
>of the below C program which tries to corrupt essential information
>maintained by malloc for free() operation.
>
>The program allocates 4, 12 byte blocks (internally 16 bytes are allocated
>for each 12 byte block). Hence the total allocated space was 48 bytes.
>
>As malloc maintains the (length of allocated block + 1), 4 bytes before the
>returned pointer (from malloc), I have manipulated this length for the first
>block and set it to 49 with the goal that a single free shall release all
>these 4 blocks and a subsequent malloc of 15 bytes shall be from the address
>of first block.
>
>However, this does not happen. Can someone please correct my understanding
>and provide me with a reference to the working of malloc() and free()?
>
>#include <stdio.h>
>#include <stdlib.h>
>
>int main(void)
>{
>    char * ptr,* ptr1, *ptr2, * ptr3, * ptr4;
>    int * i;
>    int n,q,p;
>    int loop = 0;
>
>    ptr1 = (char *)malloc(12);
>    i = (int *)(ptr1 - 4);
>    printf("\n ptr1 = %p,%d \n",ptr1,*i);
>    printf("\n %d:%d:%d:%d\n",ptr1[-4],ptr1[-3],ptr1[-2],ptr1[-1]);
>    printf("\n %d:%d:%d:%d\n",ptr1[0],ptr1[1],ptr1[2],ptr1[3]);
>    printf("\n %d:%d:%d:%d\n",ptr1[4],ptr1[5],ptr1[6],ptr1[7]);
>    printf("\n %d:%d:%d:%d\n",ptr1[8],ptr1[9],ptr1[10],ptr1[11]);
>    *i = 49;    /* overwrite the stored length of the first block */
>
>    ptr2 = (char *)malloc(12);
>    i = (int *)(ptr2 - 4);
>    printf("\n ptr2 = %p,%d \n",ptr2,*i);
>    printf("\n %d:%d:%d:%d\n",ptr2[-4],ptr2[-3],ptr2[-2],ptr2[-1]);
>
>    ptr3 = (char *)malloc(12);
>    i = (int *)(ptr3 - 4);
>    printf("\n ptr3 = %p,%d \n",ptr3,*i);
>    printf("\n %d:%d:%d:%d\n",ptr3[-4],ptr3[-3],ptr3[-2],ptr3[-1]);
>
>    ptr4 = (char *)malloc(12);
>    i = (int *)(ptr4 - 4);
>    printf("\n ptr4 = %p,%d \n",ptr4,*i);
>    printf("\n %d:%d:%d:%d\n",ptr4[-4],ptr4[-3],ptr4[-2],ptr4[-1]);
>
>    free(ptr1);
>    /* the reads of ptr1 below, after free(), are part of the experiment */
>    printf("\n ------------ANALYZE-------------\n");
>    printf("\n %d:%d:%d:%d\n",ptr1[-4],ptr1[-3],ptr1[-2],ptr1[-1]);
>    printf("\n %d:%d:%d:%d\n",ptr1[0],ptr1[1],ptr1[2],ptr1[3]);
>    printf("\n %d:%d:%d:%d\n",ptr1[4],ptr1[5],ptr1[6],ptr1[7]);
>    printf("\n %d:%d:%d:%d\n",ptr1[8],ptr1[9],ptr1[10],ptr1[11]);
>
>    ptr = (char *)malloc(15);
>    i = (int *)(ptr - 4);
>    printf("\n ptr = %p,%d \n",ptr,*i);
>    return 0;
>}
>
>
>Thanks and Regards,
>Shyamal

I'm not quite sure what it is you want to accomplish with this program. However, malloc and free work on the program's given data area. This data area can be increased should there be a need for more memory. You should NEVER assume that memory blocks are contiguous. There are many reasons why they would not be contiguous, among them compiler optimizations.

If you really want to delve into how a program is executed, have the compiler output the assembler code and look at that. The assembler code will show exactly how and where the variables are allocated.
With such a small amount of data used in your program, it is possible the variables are all just on the stack. You may want to check out the brk and sbrk man pages as they will give you some information into how memory management was originally done as these functions are lower-level than malloc and free.

-Derek
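
The header layout the question assumes, modelled as an added example (not code from either poster, and not FreeBSD's malloc): a hypothetical toy heap keeps the size word 4 bytes before the payload with the low bit as an in-use flag, and its `toy_free` compares that word with a copy held outside the arena and refuses to act when they differ. The names `toy_alloc`, `toy_free`, `shadow` and `demo` are invented for the illustration, and freed chunks are never reused in this toy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ARENA 256u
#define HDR   4u   /* size word sits 4 bytes before the returned pointer */
#define INUSE 1u   /* low bit set while allocated: the "length + 1" */

static unsigned char arena[ARENA];   /* hypothetical toy heap */
static uint32_t shadow[ARENA / 8];   /* out-of-band copy of every header */
static size_t top;                   /* first unused arena offset */
static uint32_t hdr_read(size_t off) { uint32_t v; memcpy(&v, arena + off, HDR); return v; }
static void hdr_write(size_t off, uint32_t v) { memcpy(arena + off, &v, HDR); }

/* Bump allocator: chunk = header + payload, rounded up to a multiple of 8. */
void *toy_alloc(size_t n) {
    if (n > ARENA) return NULL;
    size_t size = (n + HDR + 7u) & ~(size_t)7u;   /* 12 -> 16, 15 -> 24 */
    if (size > ARENA - top) return NULL;
    size_t off = top;
    hdr_write(off, (uint32_t)size | INUSE);
    shadow[off / 8] = (uint32_t)size | INUSE;
    top += size;
    return arena + off + HDR;
}

/* Returns 0 on success, -1 if p is not a live chunk of this heap,
 * -2 if the in-band header no longer matches the shadow copy. */
int toy_free(void *p) {
    uintptr_t d = (uintptr_t)p - (uintptr_t)arena;
    if (d < HDR || d >= top) return -1;
    size_t off = (size_t)d - HDR;
    if (off % 8 != 0 || !(shadow[off / 8] & INUSE)) return -1;
    if (hdr_read(off) != shadow[off / 8]) return -2;
    hdr_write(off, hdr_read(off) & ~INUSE);
    shadow[off / 8] &= ~INUSE;
    return 0;
}

/* The experiment from the question, run against the toy heap. */
int demo(void) {
    void *p1 = toy_alloc(12), *p2 = toy_alloc(12), *p3 = toy_alloc(12), *p4 = toy_alloc(12);
    uint32_t forged = 49;      /* 48 | INUSE: would span three 16-byte chunks */
    memcpy((unsigned char *)p1 - HDR, &forged, HDR);
    int r1 = toy_free(p1);     /* rejected: header disagrees with shadow */
    int r2 = toy_free(p2);     /* neighbour is still intact and frees normally */
    return p3 && p4 && r1 == -2 && r2 == 0;
}

int main(void) { return demo() ? 0 : 1; }
```
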