Out-of-bounds pointers

Doug Gwyn gwyn at smoke.BRL.MIL
Sat Oct 7 10:19:39 AEST 1989


In article <217 at bbxsda.UUCP> scott at bbxsda.UUCP (Scott Amspoker) writes:
-#include <stdlib.h>   /* declares malloc() and free() */
-
-void my_proc(void)
-   {
-   register char *p;
-   p = (char*)malloc(1000);
-   free(p);  /* free never returns but core dumps instead - why? */
-   }
-This seemingly innocent code could possibly error out according to the
-"rules of conformance" presented by some readers.

NO NO NO.  You have misrepresented the argument.  So long as malloc()
(assumed to be properly declared!) doesn't return a null pointer,
the above will work in ALL conforming implementations.  The trouble
arises only when after the free() the pointer p (NOT what it points
to, that's inarguably invalid) continues to be examined or otherwise
manipulated by the program.

-Don't worry - all is not lost.  No one was able to come up with a real
-world example of something like this.  In other words - standards and
-ANSI drafts aside - you probably will not get into trouble unless you
-actually try to *de-reference* a bad pointer.

Nobody came up with YOUR example, but there were several examples
posted of genuine computer architectures where continued access of
an invalid pointer value would cause problems.
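The distinction Gwyn draws, shown as an added example that is not part of the original post: the allocation is checked for a null return, every value derived from the pointer (one-past-the-end, offsets, counts) is computed while the block is still live, and once free() is called the variable is overwritten with NULL so that nothing ever examines the old, now indeterminate, value. The helper names free_and_clear, build_and_release and my_proc_checked are my own, not from the thread.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example; helper names are hypothetical, not from the original post. */

/* free() the block and overwrite the caller's variable with NULL.
 * After free(*pp) the value of *pp itself is indeterminate (the point
 * of Gwyn's reply); clearing it leaves only a valid null pointer to
 * examine later. */
static void free_and_clear(char **pp)
{
    free(*pp);
    *pp = NULL;
}

/* Allocate n bytes, fill them, compute everything needed from the
 * pointer while it is valid, then release it.  Returns the byte count
 * that was verified, or 0 if malloc() failed (the one case the reply
 * allows to fail). */
size_t build_and_release(size_t n)
{
    char *p = malloc(n);
    if (p == NULL)
        return 0;
    memset(p, 'A', n);

    /* Pointer arithmetic up to one past the end is valid while the
     * object lives; do it now, not after free(). */
    char *end = p + n;
    size_t counted = (size_t)(end - p);
    size_t a_count = 0;
    for (char *q = p; q != end; q++)
        if (*q == 'A')
            a_count++;

    /* WRONG (undefined behaviour): keeping `p` or `end` and later
     * testing `q != end` or `p == saved` after free().  Both values
     * are indeterminate once the block is freed, and on architectures
     * that validate pointer values when loaded the comparison alone
     * can trap. */
    free_and_clear(&p);
    end = NULL;   /* drop the derived pointer too; storing is fine, reading was not */

    /* Only null pointers are examined from here on. */
    return (p == NULL && end == NULL && a_count == counted) ? counted : 0;
}

/* The shape of the original my_proc(), with the null check added.
 * Returns 1 when the allocation succeeded and was freed, 0 otherwise. */
int my_proc_checked(void)
{
    char *p = malloc(1000);
    if (p == NULL)
        return 0;
    free(p);   /* p's value is now indeterminate: do not read it */
    return 1;
}
```

The invalid pattern is shown only in comments: the point of the thread is that merely comparing or copying the freed value is already outside the language, so a demonstration that "works" on one machine would prove nothing.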
