Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!apple!usc!jarthur!nntp-server.caltech.edu!gah
From: gah@hood.hood.caltech.edu (Glen Herrmannsfeldt)
Newsgroups: comp.lang.c
Subject: Re: how does free() know how much to free?
Message-ID: <gah.667705154@valine>
Date: 28 Feb 91 01:39:14 GMT
References: <1991Feb26.024207.26167@wpi.WPI.EDU> <1991Feb26.045059.6546@athena.mit.edu>
Sender: news@nntp-server.caltech.edu
Organization: California Institute of Technology, Pasadena
Lines: 4

Many free()'s store the length at the address right before the
allocated space.  (Often aligned on a nice boundary.)
If you reference element -1 in your malloc'ed array, you may
destroy the length, and cause lots of strange effects.