As the title suggests I am new to C and have a mid-term coming up shortly. I am revising from past papers currently and a recurring theme is the double free problem. I understand that it is the process of calling free()
on the same memory location twice, but I have a couple of questions that I'm not 100% sure how to answer:
Question 1: What is the result of a double free in C, and why is it such a problem?
This will cause a double free:
char* ptr = malloc(sizeof(char));
*ptr = 'a';
free(ptr);
free(ptr);
My response to this would be that it would return a 0x0 memory address and cause a system instability/crash. Also if I remember correctly, a double free can actually call malloc
twice which results in a buffer overflow thus leaving the system vulnerable.
What would be the best way to briefly sum up this question?
Question 2: Describe a situation in which it is particularly easy to introduce a double free in C?
I was thinking when passing pointers around you may accidentally free it in one function, and also free it again without realising?
Again, what is the "best" way to sum this up?
A double free in C, technically speaking, leads to undefined behavior. This means that the program can behave completely arbitrarily and all bets are off about what happens. That's certainly a bad thing to have happen! In practice, double-freeing a block of memory will corrupt the state of the memory manager, which might cause existing blocks of memory to get corrupted or for future allocations to fail in bizarre ways (for example, the same memory getting handed out on two different successive calls of malloc
).
Double frees can happen in all sorts of cases. A fairly common one is when multiple different objects all have pointers to one another and start getting cleaned up by calls to free
. When this happens, if you aren't careful, you might free
the same pointer multiple times when cleaning up the objects. There are lots of other cases as well, though.
Hope this helps!