C - What happens when you do a double free?
Code
#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
/*
 * Deliberately frees the same allocation twice to show how glibc reacts.
 *
 * Calling free() on a pointer that has already been freed is undefined
 * behaviour in C. The "double free or corruption (fasttop)" abort shown
 * in the output below is glibc's own heap-consistency check firing, not
 * something the language guarantees; a different allocator may silently
 * corrupt its free lists instead of aborting.
 *
 * The usual defence is to null the pointer after the first release
 * (free(p); p = NULL;) so that a stray second call becomes a no-op,
 * and to give every allocation exactly one owner responsible for freeing it.
 * Also note that <stdlib.h> already declares malloc/free; <malloc.h> is not
 * needed for this program.
 */
void foo()
{
int *p = malloc (sizeof(int)); /* NOTE(review): return value is never checked for NULL */
int *q = p;                    /* unused alias of p; q is never read */
*p = 5;
free(p);                       /* first free: the block is returned to the allocator */
free(p);                       /* second free of the same block: the double free this post demonstrates */
}
/* Program entry point: runs the double-free demonstration in foo(). */
int main()
{
    foo();
    return 0;
}
1. Running on 4.8.0-49-generic #52~16.04.1-Ubuntu
$ ./a.out
*** Error in `./a.out': double free or corruption (fasttop): 0x0000000000692010 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fe164dd07e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7fe164dd8e0a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7fe164ddc98c]
./a.out[0x4005a6]
./a.out[0x4005b7]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fe164d79830]
./a.out[0x400499]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:02 69998772 /home/rohit/lab/c/a.out
00600000-00601000 r--p 00000000 08:02 69998772 /home/rohit/lab/c/a.out
00601000-00602000 rw-p 00001000 08:02 69998772 /home/rohit/lab/c/a.out
00692000-006b3000 rw-p 00000000 00:00 0 [heap]
7fe160000000-7fe160021000 rw-p 00000000 00:00 0
7fe160021000-7fe164000000 ---p 00000000 00:00 0
7fe164b43000-7fe164b59000 r-xp 00000000 08:02 42292149 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fe164b59000-7fe164d58000 ---p 00016000 08:02 42292149 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fe164d58000-7fe164d59000 rw-p 00015000 08:02 42292149 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fe164d59000-7fe164f18000 r-xp 00000000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe164f18000-7fe165118000 ---p 001bf000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe165118000-7fe16511c000 r--p 001bf000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe16511c000-7fe16511e000 rw-p 001c3000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe16511e000-7fe165122000 rw-p 00000000 00:00 0
7fe165122000-7fe165148000 r-xp 00000000 08:02 42287703 /lib/x86_64-linux-gnu/ld-2.23.so
7fe165328000-7fe16532b000 rw-p 00000000 00:00 0
7fe165344000-7fe165347000 rw-p 00000000 00:00 0
7fe165347000-7fe165348000 r--p 00025000 08:02 42287703 /lib/x86_64-linux-gnu/ld-2.23.so
7fe165348000-7fe165349000 rw-p 00026000 08:02 42287703 /lib/x86_64-linux-gnu/ld-2.23.so
7fe165349000-7fe16534a000 rw-p 00000000 00:00 0
7ffd2ead3000-7ffd2eaf4000 rw-p 00000000 00:00 0 [stack]
7ffd2ebd2000-7ffd2ebd4000 r--p 00000000 00:00 0 [vvar]
7ffd2ebd4000-7ffd2ebd6000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)
2. Running on raspberry pi : 4.1.19-v7 #1 SMP Tue Mar 15 15:10:00 CDT 2016 armv7l GNU/Linux
# ./a.out
*** Error in `./a.out': double free or corruption (fasttop): 0x563a3008 ***
Aborted
Where is 'fasttop' coming from?
Apparently, from the glibc code where a double-free check is performed.
#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
/*
 * Deliberately frees the same allocation twice to show how glibc reacts.
 *
 * Calling free() on a pointer that has already been freed is undefined
 * behaviour in C. The "double free or corruption (fasttop)" abort shown
 * in the output below is glibc's own heap-consistency check firing, not
 * something the language guarantees; a different allocator may silently
 * corrupt its free lists instead of aborting.
 *
 * The usual defence is to null the pointer after the first release
 * (free(p); p = NULL;) so that a stray second call becomes a no-op,
 * and to give every allocation exactly one owner responsible for freeing it.
 * Also note that <stdlib.h> already declares malloc/free; <malloc.h> is not
 * needed for this program.
 */
void foo()
{
int *p = malloc (sizeof(int)); /* NOTE(review): return value is never checked for NULL */
int *q = p;                    /* unused alias of p; q is never read */
*p = 5;
free(p);                       /* first free: the block is returned to the allocator */
free(p);                       /* second free of the same block: the double free this post demonstrates */
}
/* Program entry point: runs the double-free demonstration in foo(). */
int main()
{
    foo();
    return 0;
}
1. Running on 4.8.0-49-generic #52~16.04.1-Ubuntu
$ ./a.out
*** Error in `./a.out': double free or corruption (fasttop): 0x0000000000692010 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fe164dd07e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x7fe0a)[0x7fe164dd8e0a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7fe164ddc98c]
./a.out[0x4005a6]
./a.out[0x4005b7]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fe164d79830]
./a.out[0x400499]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:02 69998772 /home/rohit/lab/c/a.out
00600000-00601000 r--p 00000000 08:02 69998772 /home/rohit/lab/c/a.out
00601000-00602000 rw-p 00001000 08:02 69998772 /home/rohit/lab/c/a.out
00692000-006b3000 rw-p 00000000 00:00 0 [heap]
7fe160000000-7fe160021000 rw-p 00000000 00:00 0
7fe160021000-7fe164000000 ---p 00000000 00:00 0
7fe164b43000-7fe164b59000 r-xp 00000000 08:02 42292149 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fe164b59000-7fe164d58000 ---p 00016000 08:02 42292149 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fe164d58000-7fe164d59000 rw-p 00015000 08:02 42292149 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fe164d59000-7fe164f18000 r-xp 00000000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe164f18000-7fe165118000 ---p 001bf000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe165118000-7fe16511c000 r--p 001bf000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe16511c000-7fe16511e000 rw-p 001c3000 08:02 42287702 /lib/x86_64-linux-gnu/libc-2.23.so
7fe16511e000-7fe165122000 rw-p 00000000 00:00 0
7fe165122000-7fe165148000 r-xp 00000000 08:02 42287703 /lib/x86_64-linux-gnu/ld-2.23.so
7fe165328000-7fe16532b000 rw-p 00000000 00:00 0
7fe165344000-7fe165347000 rw-p 00000000 00:00 0
7fe165347000-7fe165348000 r--p 00025000 08:02 42287703 /lib/x86_64-linux-gnu/ld-2.23.so
7fe165348000-7fe165349000 rw-p 00026000 08:02 42287703 /lib/x86_64-linux-gnu/ld-2.23.so
7fe165349000-7fe16534a000 rw-p 00000000 00:00 0
7ffd2ead3000-7ffd2eaf4000 rw-p 00000000 00:00 0 [stack]
7ffd2ebd2000-7ffd2ebd4000 r--p 00000000 00:00 0 [vvar]
7ffd2ebd4000-7ffd2ebd6000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)
2. Running on raspberry pi : 4.1.19-v7 #1 SMP Tue Mar 15 15:10:00 CDT 2016 armv7l GNU/Linux
# ./a.out
*** Error in `./a.out': double free or corruption (fasttop): 0x563a3008 ***
Aborted
Where is 'fasttop' coming from?
Apparently, from the glibc code where a double-free check is performed.