This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug malloc/12140] mallopt(M_PERTURB) free() anomaly
- From: "mtk.manpages at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 17 Oct 2012 14:11:05 +0000
- Subject: [Bug malloc/12140] mallopt(M_PERTURB) free() anomaly
- Auto-submitted: auto-generated
- References: <bug-12140-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=12140
--- Comment #7 from Michael Kerrisk <mtk.manpages at gmail dot com> 2012-10-17 14:11:05 UTC ---
(In reply to comment #6)
> Yes, that's the fun part. The fd and bk pointers are written within the usable
> area for a free block - it saves 2*sizeof(void *) per chunk. In any case, a
> user should not expect to be able to use them anyway for doing a check similar
> to what you did after free, because that is undefined - you could cause a
> segfault if the chunk was allocated using mmap.
Ahhh yes, I see what you mean.
However, that begs the question: why do the values in the first 2* sizeof(void
*) not look like pointers. (Okay, the zero could be a NULL pointer, but that
seems unlikely.) I think imagine that the reason is this: this particular block
of memory is in a FASTBIN, and IIRC, pointers are used there, just bitmaps of
free and in use slots. Sound reasonable?
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.