什么是“双重免费"?意思是? [英] What does "double free" mean?

问题描述

正如标题所暗示的，我是C的新手，并且期中考试很快就会到来.我正在从过去的论文中进行修订，重复出现的主题是双重免费问题.我知道这是在相同的内存位置上两次调用free()的过程，但是我有两个问题，我不确定100％如何回答:

As the title suggests I am new to C and have a mid-term coming up shortly. I am revising from past papers currently and a recurring theme is double free problem. I understand that it is the process of calling free() on the same memory location twice, but I have a couple of questions that I'm not 100% sure how to answer:

问题1:C语言中的double free结果是什么，为什么会出现这样的问题?

这将导致双重免费:

char* ptr = malloc(sizeof(char));

*ptr = 'a';
free(ptr);
free(ptr);

对此，我的答复是，它将返回0x0内存地址并导致系统不稳定/崩溃.同样，如果我没记错的话，double free实际上可以两次调用malloc，这会导致缓冲区溢出，从而使系统容易受到攻击.

My response to this would be, would it return a 0x0 memory address and cause a system instability/crash. Also if I remember correctly, a double free can actually call malloc twice which results in a buffer overflow thus leaving the system vulnerable.

简要总结这个问题的最佳方法是什么?

What would be the best way to briefly sum up this question?

问题2:描述一种情况，在这种情况下特别容易引入 可以在C中免费吗?

Question 2: Describe a situation in which it is particularly easy to introduce a double free in C?

我在想，当在您周围传递指针时，可能会意外地将其释放到一个函数中，并且又在没有意识到的情况下再次释放它?

I was thinking when passing pointers around you may accidentally free it in one function, and also free it again without realising?

再次，总结这一点的最佳"方法是什么?

Again, what is the "best" way to sum this up?

推荐答案

从技术上讲，C语言中的double free会导致未定义的行为.这意味着该程序可以完全任意地运行，并且所有赌注都不会发生.这肯定是一件坏事！实际上，双重释放一个内存块将破坏内存管理器的状态，这可能会导致现有内存块被破坏或将来的分配以奇怪的方式失败(例如，同一内存在两个malloc)的不同连续调用.

A double free in C, technically speaking, leads to undefined behavior. This means that the program can behave completely arbitrarily and all bets are off about what happens. That's certainly a bad thing to have happen! In practice, double-freeing a block of memory will corrupt the state of the memory manager, which might cause existing blocks of memory to get corrupted or for future allocations to fail in bizarre ways (for example, the same memory getting handed out on two different successive calls of malloc).

双重释放可能发生在各种情况下.一个相当普遍的情况是，当多个不同的对象都有指向彼此的指针并开始通过调用free进行清理时.发生这种情况时，如果不小心，可能在清理对象时多次free相同的指针.不过，还有很多其他情况.

Double frees can happen in all sorts of cases. A fairly common one is when multiple different objects all have pointers to one another and start getting cleaned up by calls to free. When this happens, if you aren't careful, you might free the same pointer multiple times when cleaning up the objects. There are lots of other cases as well, though.

希望这会有所帮助！

这篇关于什么是“双重免费"?意思是?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！