DragonFly BSD
DragonFly bugs List (threaded) for 2004-10

Re: cu coredumps


From: Mark Cullen <mark.cullen@xxxxxxxxxxxxx>
Date: Wed, 27 Oct 2004 19:04:07 +0100

Adrian Nida wrote:
tmp_cp = malloc(sizeof(char) * 10);
cp = tmp_cp;
free(tmp_cp);
tmp_cp = NULL;

then cp would now be pointing to a block of memory that could be used by
some other process/overwritten? Would that not make it impossible for me
to actually free tmp_cp, as cp needs it?


This frees the memory that tmp_cp && cp both *point to*. From that point on,
if you reference cp you'll hopefully segfault because you're referencing
garbage.  Worst case, someone will put some malicious code at that memory
location and 0wn3 your box.

That's what I thought, but I thought when you called free() it didn't actually touch the data there, just marked it as free for other programs to use or something?


So.. it's actually pretty impossible for me to free tmp_cp anyway in this case isn't it? The function seems to return cp as an integer, so I can't free tmp_cp if I need cp pointing, to be able to prepend(?) /dev/ into the string?

Maybe there's some better way of doing it I guess. Maybe what I have done just isn't right anyway? :)


Also if this is a local function, pointing tmp_cp to NULL does nothing
useful except give you a clean stack. That practice is most beneficial when
using global/member variables.


Adrian



--
Internet Explorer? Try FireFox at http://www.mozilla.org/products/firefox/
Outlook Express? Try ThunderBird at http://www.mozilla.org/products/thunderbird/
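
Added example, not part of the original message or of cu's source: one way to prepend /dev/ without leaving cp aliased to freed memory is to build the new string first and then hand ownership of it to cp. The helper names dev_path and set_dev_path and the sample device name "cuaa0" are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not from cu): return a newly allocated copy of
 * name, with "/dev/" prepended unless name is already an absolute path.
 * The caller owns the result and must free() it exactly once.
 */
static char *dev_path(const char *name)
{
    const char *prefix;
    size_t need;
    char *out;

    if (name == NULL)
        return NULL;
    prefix = (name[0] == '/') ? "" : "/dev/";
    need = strlen(prefix) + strlen(name) + 1;   /* +1 for the NUL */
    out = malloc(need);
    if (out != NULL)
        snprintf(out, need, "%s%s", prefix, name);
    return out;
}

/*
 * Replace *cp with its /dev/ form. The new block is built before the old
 * one is released, so cp never points at freed memory.
 * Assumes *cp is NULL or came from malloc(). Returns 0 on success.
 */
static int set_dev_path(char **cp)
{
    char *tmp_cp = dev_path(*cp);

    if (tmp_cp == NULL)
        return -1;      /* *cp untouched and still valid */
    free(*cp);          /* release the old block ... */
    *cp = tmp_cp;       /* ... and let cp own the new one */
    return 0;
}

int main(void)
{
    char *cp = dev_path("cuaa0");   /* constructed sample device name */

    if (cp != NULL && set_dev_path(&cp) == 0)
        puts(cp);
    free(cp);                       /* single free, by the one owner */
    return 0;
}
```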



