DiscussWorldIssues - Socio-Economic Religion and Political Uncensored Debate - View Single Post

**nretdjuend** · 08-23-2007, 11:50 PM

Originally posted by Kuciwalker
It should just segfault though... No. The way it works is that the C lib for efficiency will allocate a big chunk of memory (one or more pages) at a time, and then give you little peices each time you call malloc.

The malloc implementation is free to use some of its allocated memory for control structures, for example a linked list of allocated memory. For example the elements of this list could be interspersed with the actual malloced memory.

So if you allocate 16 bytes, but write 20 to the pointer you get, you will, say, overwrite the linked list head of the following element in malloc's linked list. So when you call free() it will find an invalid data structure.

For debugging, and depending on the compiler, you can instruct the compiler to link against an alternative malloc implementation which is implemented to discover any corruption sooner.

08-23-2007, 11:50 PM	#11
nretdjuend Join Date Oct 2005 Posts 497 Senior Member	Originally posted by Kuciwalker It should just segfault though... No. The way it works is that the C lib for efficiency will allocate a big chunk of memory (one or more pages) at a time, and then give you little peices each time you call malloc. The malloc implementation is free to use some of its allocated memory for control structures, for example a linked list of allocated memory. For example the elements of this list could be interspersed with the actual malloced memory. So if you allocate 16 bytes, but write 20 to the pointer you get, you will, say, overwrite the linked list head of the following element in malloc's linked list. So when you call free() it will find an invalid data structure. For debugging, and depending on the compiler, you can instruct the compiler to link against an alternative malloc implementation which is implemented to discover any corruption sooner.
	Quote