cu coredumps

Mark Cullen mark.cullen at dsl.pipex.com
Wed Oct 27 11:04:07 PDT 2004


Adrian Nida wrote:
>> tmp_cp = malloc(sizeof(char) * 10);
>> cp = tmp_cp;
>> free(tmp_cp);
>> tmp_cp = NULL;
>> then cp would now be pointing to a block of memory that could be used by
>> some other process/overwritten? Would that not make it impossible for me
>> to actually free tmp_cp, as cp needs it?
>
> This frees the memory that tmp_cp && cp both *point to*. From that point on,
> if you reference cp you'll hopefully segfault because you're referencing
> garbage.  Worst case, someone will put some malicious code at that memory
> location and 0wn3 your box.

That's what I thought, but I thought when you called free() it didn't 
actually touch the data there, just mark it as free for other programs 
to use or something?

So.. it's actually pretty impossible for me to free tmp_cp anyway in 
this case isn't it? The function seems to return cp as an integer, so I 
can't free tmp_cp if I need cp pointing, so be able to prepend(?) /dev/ 
into the string?

Maybe there's some better way of doing it I guess. Maybe what I have 
done just isn't right anyway? :)

> Also if this is a local function, pointing tmp_cp to NULL does nothing
> useful except give you a clean stack.  That practice is most beneficial when
> using global/member variables.
>
> Adrian



--
Internet Explorer? Try FireFox at http://www.mozilla.org/products/firefox/
Outlook Express? Try ThunderBird at 
http://www.mozilla.org/products/thunderbird/
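
One way to prepend /dev/ without leaving cp pointing at freed memory, as an added example that is not code from this thread or from the cu source. The function names dev_path and replace_with_dev_path and the device name cuaa0 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a newly allocated "/dev/<name>" string,
 * or a plain copy when name already starts with "/dev/".
 * The caller owns the result and must free() it. */
char *dev_path(const char *name)
{
    static const char prefix[] = "/dev/";
    size_t plen = sizeof(prefix) - 1;
    size_t len;
    char *out;

    if (name == NULL)
        return NULL;
    if (strncmp(name, prefix, plen) == 0)
        plen = 0;                      /* prefix already present */
    len = plen + strlen(name) + 1;     /* +1 for the terminating NUL */
    out = malloc(len);
    if (out == NULL)
        return NULL;
    snprintf(out, len, "%.*s%s", (int)plen, prefix, name);
    return out;
}

/* Hypothetical helper: swaps *cp for the prefixed copy. The old block is
 * freed only after the new one exists, and *cp is repointed right away,
 * so no pointer is left referring to freed memory. */
int replace_with_dev_path(char **cp)
{
    char *tmp_cp;

    if (cp == NULL || *cp == NULL)
        return -1;
    tmp_cp = dev_path(*cp);
    if (tmp_cp == NULL)
        return -1;                     /* *cp is still valid on failure */
    free(*cp);                         /* release the old string */
    *cp = tmp_cp;                      /* cp now owns the new block */
    return 0;
}

int main(void)
{
    char *cp = malloc(6);              /* constructed sample: "cuaa0" + NUL */
    if (cp == NULL)
        return 1;
    strcpy(cp, "cuaa0");
    if (replace_with_dev_path(&cp) == 0)
        puts(cp);
    free(cp);                          /* exactly one free per allocation */
    return 0;
}
```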




