On Sun, Jan 31, 2016 at 07:22:05PM +0000, Rainer Weikusat wrote:
> Hendrik Boom <hendrik@???> writes:
>
> [...]
>
> > After that there are probably a variety of data structures that can
> > keep track of all the allocations and free spaces. On the Linuxes I've
> > been using, malloc seems to keep its administrative data far removed
> > from the memory it is allocating. So although it's easy to clobber
> > one's data structures by indexing slightly out of bounds one is
> > less likely to clobber malloc's administrative data.
>
> The 8 bytes immediately in front of the allocated address are seemingly
> used to hold the block size. Running this program with an argument of
> 256 causes free to make noises about heap corruption on my system.
Very interesting. That's the way I would have expected malloc to work,
but years ago it seemed to behave differently. I seem to remember
storage areas being allocated in consecutive locations. Maybe malloc
has changed; maybe there are multiple different mallocs; maybe it does
different things with different block sizes; maybe the story is even
more complicated.
-- hendrik
>
> -----
> #include <stdlib.h>
>
> /* Demonstrates in-band allocator metadata: on glibc the 8 bytes just
>  * before the returned pointer hold the chunk size, so the write at
>  * p[-7] deliberately corrupts it and free() then detects the damage. */
> int main(int argc, char **argv)
> {
>     char *p;
>
>     if (argc < 2)
>         return 1;          /* a size argument is required, e.g. 256 */
>
>     p = malloc(atoi(argv[1]));
>     if (!p)
>         return 1;
>     p[-7] = 0;             /* deliberately clobber the size field */
>     free(p);
>
>     return 0;
> }
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
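An added example (not from either poster) that reads the size word Rainer describes without damaging it, so the program can be run repeatedly, and models what zeroing p[-7] does to it; it assumes x86-64 Linux with glibc, where the word before the user pointer is the chunk size with flag bits in its low three bits, and the helper names are hypothetical. For a 256-byte request the chunk is 272 bytes (0x110, plus the PREV_INUSE bit), so p[-7] is the byte holding 0x01; zeroing it leaves a size of 16, which free() rejects, whereas for small requests such as 8 bytes that byte is already zero, which fits Hendrik's suspicion that the behaviour depends on the block size.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for inspecting the 8-byte size word glibc malloc
 * keeps right before the pointer it returns (assumes x86-64 Linux/glibc;
 * other allocators differ). memcpy avoids alignment/aliasing issues. */
static size_t raw_size_word(const void *p)
{
    size_t w;
    memcpy(&w, (const unsigned char *)p - sizeof w, sizeof w);
    return w;
}

/* glibc stores flag bits (PREV_INUSE etc.) in the low three bits. */
size_t chunk_size(const void *p)
{
    return raw_size_word(p) & ~(size_t)7;
}

/* Allocate, read the header without modifying it, and report whether it
 * looks like an in-band glibc size field: >= req + 8 and a multiple of 16. */
int header_looks_like_glibc(size_t req)
{
    unsigned char *p = malloc(req);
    if (!p) return 0;
    size_t sz = chunk_size(p);
    int ok = sz >= req + sizeof(size_t) && sz % 16 == 0;
    free(p);  /* header untouched, so free() stays happy */
    return ok;
}
/* Model Rainer's p[neg_index] = 0 on the size word without doing it:
 * little-endian, so p[-8] is the least significant byte, p[-7] the next. */
size_t size_after_zeroing_byte(size_t word, int neg_index)
{
    int byte = neg_index + (int)sizeof(size_t);
    return word & ~((size_t)0xff << (8 * byte));
}
int main(void)
{
    size_t sizes[] = {8, 64, 256, 4096};
    for (size_t i = 0; i < sizeof sizes / sizeof *sizes; i++) {
        unsigned char *p = malloc(sizes[i]);
        size_t w = raw_size_word(p);
        printf("malloc(%4zu): size word 0x%zx, p[-7]=0 would leave 0x%zx\n",
               sizes[i], w, size_after_zeroing_byte(w, -7));
        free(p);
    }
    return 0;
}
```

Running it under a different allocator (musl, jemalloc, an ASan build) will print whatever happens to sit before the pointer, which is itself the point: the in-band header is a glibc implementation detail, not a C guarantee.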