How do free and malloc work in C?

by

When you malloc a block, it actually allocates a bit more memory than you asked for. This extra memory is used to store information such as the size of the allocated block, and a link to the next free/used block in a chain of blocks, and sometimes some “guard data” that helps the system to detect if you write past the end of your allocated block. Also, most allocators will round up the total size and/or the start of your part of the memory to a multiple of bytes (e.g. on a 64-bit system it may align the data to a multiple of 64 bits (8 bytes) as accessing data from non-aligned addresses can be more difficult and inefficient for the processor/bus), so you may also end up with some “padding” (unused bytes).

When you free your pointer, it uses that address to find the special information it added to the beginning (usually) of your allocated block. If you pass in a different address, it will access memory that contains garbage, and hence its behaviour is undefined (but most frequently will result in a crash)

Later, if you free() the block but don’t “forget” your pointer, you may accidentally try to access data through that pointer in the future, and the behaviour is undefined. Any of the following situations might occur:

  • the memory might be put in a list of free blocks, so when you access it, it still happens to contain the data you left there, and your code runs normally.
  • the memory allocator may have given (part of) the memory to another part of your program, and that will presumably have then overwritten (some of) your old data, so when you read it, you’ll get garbage which might cause unexpected behaviour or crashes from your code. Or you will write over the other data, causing the other part of your program to behave strangely at some point in the future.
  • the memory could have been returned to the operating system (a “page” of memory that you’re no longer using can be removed from your address space, so there is no longer any memory available at that address – essentially an unused “hole” in your application’s memory). When your application tries to access the data a hard memory fault will occur and kill your process.

This is why it is important to make sure you don’t use a pointer after freeing the memory it points at – the best practice for this is to set the pointer to NULL after freeing the memory, because you can easily test for NULL, and attempting to access memory via a NULL pointer will cause a bad but consistent behaviour, which is much easier to debug.

More Related Contents:

  1. If free() knows the length of my array, why can’t I ask for it in my own code?
  2. Why exactly should I not call free() on variables not allocated by malloc()?
  3. What REALLY happens when you don’t free after malloc before program termination?
  4. Setting variable to NULL after free
  5. How is malloc() implemented internally? [duplicate]
  6. How much memory would be freed if pointer is changed in C?
  7. Should I free memory before exit?
  8. free char*: invalid next size (fast) [duplicate]
  9. Can I rely on malloc returning NULL?
  10. C – Accessing data AFTER memory has been free()ed?
  11. malloc(sizeof(int)) vs malloc(sizeof(int *)) vs (int *)malloc(sizeof(int))
  12. malloc implementation?
  13. Why do I get different results when I dereference a pointer after freeing it?
  14. Malloc vs custom allocator: Malloc has a lot of overhead. Why?
  15. C: Correctly freeing memory of a multi-dimensional array
  16. Is freeing allocated memory needed when exiting a program in C
  17. Problem usage memory in C
  18. How are we able to access the pointer after deallocating the memory?
  19. Code for malloc and free
  20. How to avoid long chain of free’s (or deletes) after every error check in C?
  21. What happens to memory after free()?
  22. Where do malloc() and free() store allocated sizes and addresses?
  23. Why is it safer to use sizeof(*pointer) in malloc
  24. Dynamic memory access only works inside function
  25. Segmentation Fault when writing to a string [duplicate]
  26. aligned malloc() in GCC?
  27. Is the compiler allowed to recycle freed pointer variables?
  28. How to determine if memory is aligned?
  29. How to modify memory contents using GDB?
  30. How to check heap size for a process on Linux

Leave a Comment