Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!elroy.jpl.nasa.gov!turnkey!orchard.la.locus.com!fafnir.la.locus.com!fafnir.la.locus.com!cjkuo
From: cjkuo@locus.com (Chengi Jimmy Kuo)
Newsgroups: comp.lang.c
Subject: Re: how does free() know how much to free?
Message-ID:
Date: 28 Feb 91 21:58:27 GMT
References: <1991Feb26.024207.26167@wpi.WPI.EDU> <1991Feb26.045059.6546@athena.mit.edu>
Distribution: comp
Organization: Locus Computing Corporation, Los Angeles, California
Lines: 13

gah@hood.hood.caltech.edu (Glen Herrmannsfeldt) writes:

>Many free()'s store the length at the address right before the malloc()
>allocated space. (Often aligned on a nice boundary.)

>If you reference element -1 in your malloc'ed array, you may
        write into [-1] or [-2]
>destroy the length, and cause lots of strange effects.

Jimmy Kuo
-- 
cjkuo@locus.com
"The correct answer to an either/or question is both!"
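
The layout described in the quoted text and the [-1]/[-2] write from the reply, as an added example that is not part of the original thread: a toy allocator that keeps the length just before the returned pointer, plus a check word so that a stray store below the array is noticed at free time. The names `toy_malloc`, `toy_size`, `toy_free`, `toy_hdr` and `demo_stray_write` are hypothetical, and the two-word unpadded header is an assumption; real allocators lay out their bookkeeping differently.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy allocator (hypothetical names): the length lives right before the
   pointer the caller gets, so p[-2] is the length and p[-1] a check word. */
#define TOY_MAGIC ((size_t)0xA110CA7Eu)
typedef struct { size_t len; size_t check; } toy_hdr; /* check = len ^ MAGIC */

void *toy_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(toy_hdr)) return NULL;  /* size overflow */
    toy_hdr *hdr = malloc(sizeof *hdr + n);
    if (!hdr) return NULL;
    hdr->len = n;
    hdr->check = n ^ TOY_MAGIC;
    return hdr + 1;            /* caller sees only the bytes after the header */
}

/* Step back from the user pointer to the header; -1 if it was overwritten. */
int toy_size(const void *p, size_t *len) {
    const toy_hdr *hdr = (const toy_hdr *)p - 1;
    if ((hdr->len ^ TOY_MAGIC) != hdr->check) return -1;
    *len = hdr->len;
    return 0;
}

/* 0 if released, -1 if the header is damaged (block is left alone). */
int toy_free(void *p) {
    size_t len;
    if (!p) return 0;
    if (toy_size(p, &len) != 0) return -1;
    free((toy_hdr *)p - 1);
    return 0;
}

/* Store 0 at a[idx], free; 1 = damage caught, 0 = intact, -1 = no memory. */
int demo_stray_write(int idx) {
    size_t *a = toy_malloc(4 * sizeof *a);
    if (!a) return -1;
    a[idx] = 0;                /* idx -1 hits the check word, -2 the length */
    if (toy_free(a) == 0) return 0;
    free((toy_hdr *)a - 1);    /* demo only: release the raw block */
    return 1;
}

int main(void) {
    for (int i = 0; i >= -2; i--)
        printf("write a[%d] -> %d\n", i, demo_stray_write(i));
    return 0;
}
```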