Leo Messi

Reputation: 822

Query related to free() in C

What happens if you try to free memory that was not allocated using malloc/calloc?

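Here is what I mean:

#include <stdlib.h>

int main(void)
{
  int temp = 0;
  int *ptr = &temp;   /* points to a stack variable, not heap memory */
  free(ptr);          /* the call in question: ptr did not come from malloc/calloc */
  return 0;
}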

I thought free() would return some error code but free() does not have a return value.

Upvotes: 3

Views: 248

Answers (5)

ninjalj

Reputation: 43748

All hell will break loose.

Which means:

  • If you are lucky, your program will error out and terminate.
  • If you are not lucky, some attacker will execute arbitrary code using your program (free() will usually try to insert your newly freed "chunk" of memory into some data structure, which usually involves some writes at locations determined by values at/near the pointer you passed).
  • Anything between these two extremes. Not terminating in error should be considered worse than terminating in error.

Upvotes: 1

Taylor Price

Reputation: 642

In addition to the answers by Malcolm and undur_gongor, C on Windows with Visual Studio is the same. The pertinent section from MSDN's description is found here:

The free function deallocates a memory block (memblock) that was previously allocated by a call to calloc, malloc, or realloc. The number of freed bytes is equivalent to the number of bytes requested when the block was allocated (or reallocated, in the case of realloc). If memblock is NULL, the pointer is ignored and free immediately returns. Attempting to free an invalid pointer (a pointer to a memory block that was not allocated by calloc, malloc, or realloc) may affect subsequent allocation requests and cause errors.

Upvotes: 0

Malcolm

Reputation: 41498

If you call free() on a pointer which wasn't allocated before, it will trigger undefined behavior.

From Linux man pages:

The free() function frees the memory space pointed to by ptr, which must have been returned by a previous call to malloc(), calloc() or realloc(). Otherwise, or if free(ptr) has already been called before, undefined behavior occurs. If ptr is NULL, no operation is performed.

Upvotes: 8

undur_gongor

Reputation: 15954

To add to Malcolm's answer: This is undefined behavior by ISO/IEC 9899:1999, 7.20.3.2:

Otherwise, if the argument does not match a pointer earlier returned by the calloc, malloc, or realloc function [...] the behavior is undefined.

See the draft standard here: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf.

Upvotes: 4

kol

Reputation: 28728

I extended the above code a bit:

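#include <stdio.h>
#include <stdlib.h>

int main(void)
{
  int temp = 0;
  int *ptr = &temp;                     /* address of a stack variable */
  printf("Before: %p\n", (void *)ptr);  /* %p is the conversion for pointers */
  free(ptr);                            /* invalid: ptr was not returned by malloc/calloc/realloc */
  printf("After: %p\n", (void *)ptr);
  getchar();                            /* wait for a key press before exiting */
  return 0;
}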

If this code is compiled by Visual Studio 2010, in Debug configuration, calling free initiates a "Debug Assertion failed" message. This error message comes from dbgheap.c:

/*
 * If this ASSERT fails, a bad pointer has been passed in. It may be
 * totally bogus, or it may have been allocated from another heap.
 * The pointer MUST come from the 'local' heap.
 */
_ASSERTE(_CrtIsValidHeapPointer(pUserData));

Compiling with MinGW-GCC, the resulting exe runs without error (the "After: ..." line shows the same value for ptr as the "Before: ..." line).

Upvotes: 2
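
An added example, not taken from any of the answers above or from a C library: a small tracking wrapper that gives the error code the question expected, by checking a pointer against the set of live allocations before it can reach free(), in the spirit of the debug-heap assertion quoted in the last answer. The names checked_malloc, checked_free and MAX_LIVE are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 64              /* assumed table size for this example */
static void *live[MAX_LIVE];     /* pointers handed out and not yet freed */

/* Allocate and remember the pointer; NULL if malloc fails or the table is full. */
void *checked_malloc(size_t n)
{
    for (size_t i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) {
            live[i] = malloc(n);
            return live[i];
        }
    }
    return NULL;
}

/* Returns 0 if p was released (or is NULL, a no-op as with free), and -1 if
 * p is not a live allocation: a stack or static address or an interior pointer. */
int checked_free(void *p)
{
    if (p == NULL)
        return 0;
    for (size_t i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) {
            live[i] = NULL;
            free(p);
            return 0;
        }
    }
    return -1;                   /* rejected before free() is ever called */
}

int main(void)
{
    int temp = 0;
    int *heap = checked_malloc(sizeof *heap);
    if (heap == NULL)
        return 1;
    printf("stack pointer:    %d\n", checked_free(&temp));
    printf("interior pointer: %d\n", checked_free((char *)heap + 1));
    printf("heap pointer:     %d\n", checked_free(heap));
    printf("NULL:             %d\n", checked_free(NULL));
    return 0;
}
```

The check only covers memory obtained through checked_malloc; tools such as AddressSanitizer or Valgrind report the same class of invalid free without changing the code.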
