Date: Wed, 14 Jan 1998 20:51:26 +0200 (IST)
From: Eli Zaretskii
To: Noam Rotem
cc: djgpp AT delorie DOT com
Subject: Re: Set free my ignorance around 'free'
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Precedence: bulk

On Wed, 14 Jan 1998, Noam Rotem wrote:

> Can anyone explain to me the process of freeing a dynamic
> allocation? (I mean the process in memory, by the OS). What
> does *actually* happen when I try to free a non dynamic
> allocation, or use a pointer to the middle of an allocation
> to free it? I know it is undefined, but why? What does the
> computer do when I use 'free'?

`malloc' usually reserves a few bytes more than you request, and writes the size of the chunk in those extra bytes. When you pass to `free' a pointer to something other than the original pointer returned by `malloc', it uses the place where those extra bytes were supposed to be stored to know how large the chunk was, and then overwrites it with some stuff to mark that chunk as unused.

So passing such pointers to `free' means that you invite it to overwrite memory in an unpredictable place.
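
An added example, not part of the original message and not DJGPP's allocator: a toy allocator that stores the chunk size in extra bytes just before the returned pointer, as the reply describes, to show what a free on an interior pointer reads and overwrites. The names `toy_malloc`, `toy_free`, `toy_size_seen` and the `FREED_MARK` value are assumptions made for the illustration; everything stays inside a static arena.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
#define FREED_MARK ((size_t)-1)  /* constructed "unused" marker */

/* Toy bump allocator over a static arena; it never touches the real heap. */
static unsigned char arena[ARENA_SIZE];
static size_t arena_top;

/* Reserve sizeof(size_t) extra bytes and write the chunk size into them. */
void *toy_malloc(size_t n) {
    if (n > ARENA_SIZE - sizeof(size_t) ||
        n + sizeof(size_t) > ARENA_SIZE - arena_top) return NULL;
    unsigned char *hdr = arena + arena_top;
    memcpy(hdr, &n, sizeof n);
    arena_top += sizeof(size_t) + n;
    return hdr + sizeof(size_t);
}

/* The size toy_free would believe: whatever bytes sit just before p. */
size_t toy_size_seen(const void *p) {
    size_t n;
    memcpy(&n, (const unsigned char *)p - sizeof n, sizeof n);
    return n;
}

/* Marks the chunk unused by overwriting the bytes just before p.
   Returns the size it read there, trusted without any validation. */
size_t toy_free(void *p) {
    size_t n = toy_size_seen(p), mark = FREED_MARK;
    memcpy((unsigned char *)p - sizeof mark, &mark, sizeof mark);
    return n;
}

/* Frees an interior pointer; returns 1 if the caller's data was clobbered. */
int demo_interior_free(void) {
    unsigned char *p = toy_malloc(32);
    if (!p) return -1;
    memset(p, 'A', 32);               /* constructed user data */
    size_t bogus = toy_free(p + 16);  /* "header" is the user bytes before p+16 */
    printf("size read by free: %#zx (real size 32)\n", bogus);
    return p[15] != 'A';              /* the mark landed inside the live chunk */
}

int main(void) { return demo_interior_free() == 1 ? 0 : 1; }
```

The real header in front of the chunk is left untouched by the bad call, while the "size" the allocator acted on is just the caller's own data.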