Double Free-崩溃或不崩溃 [英] Double Free - crash or no crash

问题描述

有人可以解释一下为什么连续两次释放a会导致崩溃，但是先释放a，然后释放b，然后再释放a不会崩溃吗?

Can someone explain me why freeing a twice in a row causes a crash, but freeing a first, then b, and then a again does not crash?

我知道一个free会将堆块插入到一个双链接的free列表中.释放两次将在空闲列表中两次插入相同的块.但是为什么会发生崩溃?

I know that a free will insert the heap chunk in a double linked free list. Freeing twice would insert the same chunk twice in the free list. But why is the crash happening?

int *a = malloc(8);
int *b = malloc(8);

free(a);

// free(a); // Would crash!

free(b);

free(a); // No crash.

推荐答案

在C语言中，未定义的行为就是这样:未定义.可能发生任何事情.

Because in C lingo, undefined behavior is just that: undefined. Anything might happen.

另请参见man 3 free:

[…]如果以前已经调用过free(ptr)，则会发生未定义的行为.

[…] if free(ptr) has already been called before, undefined behavior occurs.

这篇关于Double Free-崩溃或不崩溃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！