Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!tcdcs!nixeid!keogh
From: keogh@nixeid.UUCP (Paul Keogh)
Newsgroups: comp.unix.wizards
Subject: free() boundary checking
Keywords: free,memory
Message-ID: <25@nixeid.UUCP>
Date: 8 Mar 90 10:37:59 GMT
Organization: Nixdorf Computer Software,Dublin Ireland
Lines: 25

I had a problem recently with a large application which supports the standard
shell globbing characters. The code for the globbing support was almost
exclusively lifted from the csh source. Under certain conditions, the         
application would crash on the next malloc call after the globbing operations.

Inspection of the code showed that a block freeing routine in the code called
free() whereas the equivalent csh code called a routine called xfree().  

xfree(c)
char *c;
{
	extern char end[];

	if (c >= end && c < (char *) &c)
		free(c);
}

I put this code into my application and the problem disappeared. 

Why is this check necessary ? Does the fix indicate that a previous malloc
/free operation was invalid ?.Opinions please.

Thanx,
Paul Keogh.
keogh@u.nix.ie