    #include <stdio.h>
    #include <stdlib.h>

    typedef struct sample {
        void* data;
    } sample_t;

    int main() {
        printf("hello world!\n");
        sample_t* samplestruct = (sample_t*) malloc(sizeof(sample_t));
        samplestruct->data = (void*) malloc(10);
        free(samplestruct->data);
        free(samplestruct);
        /* samplestruct has already been freed at this point */
        samplestruct->data = NULL;
        samplestruct = NULL;
        return 0;
    }

In the above code, I free both 'samplestruct->data' and 'samplestruct', and then set both of them to NULL, in that order, after the free. Right now, the code is not crashing the application. Is there a problem with this code? Can it be exploited in any way (I mean security-wise)?

Traditionally, implementations of free did not alter the free'd memory until the next call to malloc. This is still true on some platforms (which might be the reason why the code does not crash), but it can't and shouldn't be relied on. If so, in a multi-threaded application, the memory free'd might have been allocated by a different thread in between the call to free and the usage. In general, such a race condition can be used by an attacker to make the pointer point to other data, possibly data controlled by the attacker.

Do not write code like the code in the question.
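
The reuse described in the answer, as an added example that is not part of the original question or answer: a constructed static pool stands in for an allocator that hands a just-freed chunk to the next caller, so the effect of the stale write is visible without undefined behaviour. The pool, `sample_release` and the other function names are hypothetical; only `sample_t` mirrors the question.

```c
#include <stddef.h>
/* Constructed model, not a real heap: a static pool that hands the most
   recently freed slot to the next caller. All names are hypothetical. */
typedef struct sample { void *data; } sample_t;
static sample_t pool[4];
static int used[4], last_freed = -1;
static char owner_b[] = "owner-b";    /* constructed sample data */

static sample_t *pool_alloc(void) {
    int i = last_freed;               /* reuse the freshly freed slot first */
    if (i < 0)
        for (i = 0; i < 4 && used[i]; i++) {}
    if (i >= 4) return NULL;          /* pool exhausted */
    used[i] = 1;
    last_freed = -1;
    return &pool[i];
}
static void pool_free(sample_t *p) {
    last_freed = (int)(p - pool);
    used[last_freed] = 0;
}
/* Question's order: free first, then write through the stale pointer. */
int stale_write_clobbers(void) {
    sample_t *a = pool_alloc();
    pool_free(a);
    sample_t *b = pool_alloc();       /* e.g. another thread, same slot */
    b->data = owner_b;
    a->data = NULL;                   /* stale write lands in b's object */
    int clobbered = (b->data == NULL);
    pool_free(b);
    return clobbered;
}
/* Corrected order: clear while still owned, free, NULL the caller's copy. */
void sample_release(sample_t **pp) {
    if (!pp || !*pp) return;
    (*pp)->data = NULL;
    pool_free(*pp);
    *pp = NULL;
}
int corrected_order_keeps(void) {
    sample_t *a = pool_alloc();
    sample_release(&a);
    sample_t *b = pool_alloc();
    b->data = owner_b;
    sample_release(&a);               /* a is already NULL: harmless no-op */
    int intact = (b->data == owner_b);
    sample_release(&b);
    return intact && !a && !b;
}
int main(void) { return !(stale_write_clobbers() && corrected_order_keeps()); }
```

With a real malloc/free the same ordering applies: set `samplestruct->data = NULL` before `free(samplestruct)`, then set `samplestruct = NULL`.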