Re: [Freeipmi-devel] bmc-config: PEF config checkout

From: Ingo van Lil
Subject: Re: [Freeipmi-devel] bmc-config: PEF config checkout
Date: Sun, 10 Sep 2006 19:00:53 +0200
User-agent: Internet Messaging Program (IMP) H3 (4.0.5)

Anand Babu <address@hidden> wrote:

> | ARGH!  This code worked on another machine.  I suppose the
> | randomness of the compile/memory usage would allow the value read
> | from the invalid pointer to still be correct for other machines.
>
> Memory de-allocation routines usually don't take extra effort to
> destroy the content. They just de-reference the pointer.

Just to be nitpicking: Dereferencing a pointer means accessing the memory area it points to, i.e. either "*ptr = 5" or "ptr->foo = 42".

> In this case, because the free'd pointer is referenced immediately, it
> never faulted.

It did fail on my system, though; otherwise I wouldn't have found it. I was a bit surprised myself, because I'd have expected the free() only to remove the allocated memory from some internal control structures, but not to have any immediate effect on the actual buffer contents. I can only suspect that some magical gcc optimization algorithm threw away the original pointer after the free().

> Compilers usually can't see these bugs.

Bugs like this one could be easily detected, gcc has a great many of much more sophisticated algorithms for similar situations. Unfortunately dereference-after-free bugs are hardly ever as obvious as in this case.

> I will use some memory debuggers to catch such errors and report soon.

Good idea. Running the code in Valgrind might be a great start.
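
Added example, not part of the original message and not FreeIPMI code: a toy slot allocator showing why a read through a released pointer can return the right value on one machine and the wrong one on another, and how scrubbing on release exposes the bug at once. All names (pef_entry, filter_number, pool_alloc, pool_free, stale_read, fixed_read) are hypothetical, and the slots live in static storage so the stale read is defined behaviour here.

```c
#include <stdio.h>
#include <string.h>
/* Constructed toy allocator: slots live in static storage, so reading a
 * released slot is defined behaviour here, unlike a read after a real free(). */
struct pef_entry { int filter_number; };   /* hypothetical record type */
static struct pef_entry pool[2];
static int in_use[2];

static struct pef_entry *pool_alloc(void)
{
    for (int i = 0; i < 2; i++)
        if (!in_use[i]) { in_use[i] = 1; return &pool[i]; }
    return NULL;
}

/* Release a slot: bookkeeping only, or (poison != 0) scrub the contents first. */
static void pool_free(struct pef_entry *p, int poison)
{
    if (poison) memset(p, 0xDD, sizeof *p);
    in_use[p - pool] = 0;
}

/* Value seen through the stale pointer. reuse: another record is allocated
 * and filled before the stale read, as happens when heap layout differs. */
int stale_read(int reuse, int poison)
{
    memset(in_use, 0, sizeof in_use);
    struct pef_entry *e = pool_alloc();
    e->filter_number = 7;
    pool_free(e, poison);
    if (reuse) pool_alloc()->filter_number = 99;   /* same slot is handed out again */
    return e->filter_number;                       /* the bug: read after release */
}

/* The fix: copy the value out while the record is still owned. */
int fixed_read(int poison)
{
    memset(in_use, 0, sizeof in_use);
    struct pef_entry *e = pool_alloc();
    e->filter_number = 7;
    int value = e->filter_number;
    pool_free(e, poison);
    return value;
}

int main(void)
{
    printf("%d %d %d %d\n", stale_read(0, 0), stale_read(1, 0), stale_read(0, 1), fixed_read(1));
    return 0;
}
```

With a real heap the stale read is undefined behaviour, so this is only a model of the effect; Valgrind reports the real thing as an invalid read.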
