m******t
发帖数: 4077 | 1 非常简单一个程序
struct B {
struct B *next;
}
struct A {
int C;
struct B;
}
int
main()
{
struct B ** np;
tmp = (struct A *) malloc (sizeof(struct A));
np = &(tmp->B->next);
free(tmp);
printf("*np is %p", *np);
return 0;
}
按说free了tmp以后B->next就不再存在了,对吧?为什么这个时候还能够正确的
dereference *np呢?
如果把struct A中的B和C换个位置,*np就正确的变成的NULL pointer了。
是不是free memory的时候不wipe memory啊? |
X****r
发帖数: 3557 | 2 是不是free memory的时候不wipe memory啊?是
【在 m******t 的大作中提到】
: 非常简单一个程序
: struct B {
: struct B *next;
: }
: struct A {
: int C;
: struct B;
: }
: int
: main()
|
m******t
发帖数: 4077 | 3 那为啥把B和C的位置换换就被弄成NULL了? linxu/gcc
【在 X****r 的大作中提到】
: 是不是free memory的时候不wipe memory啊?是
|
X****r
发帖数: 3557 | 4 The result of dereferencing a dangling pointer is undefined,
meaning it could be anything, including 0. Or segfault.
There is nothing meaningful can be deduced. Just don't do it.
【在 m******t 的大作中提到】
: 那为啥把B和C的位置换换就被弄成NULL了? linxu/gcc
|
y***d
发帖数: 2330 | 5 try get it compilable first...
【在 m******t 的大作中提到】
: 非常简单一个程序
: struct B {
: struct B *next;
: }
: struct A {
: int C;
: struct B;
: }
: int
: main()
|
m******t
发帖数: 4077 | 6 这当然是psudo code了。compile是没有问题的。
【在 y***d 的大作中提到】
: try get it compilable first...
|
t****t
发帖数: 6806 | 7 your *np is indeterminated from the beginning -- you never assigned to B.
next. |
y***d
发帖数: 2330 | 8 Sorry but I have to say that this psudo code is completely trash.
"tmp->B->next" can not be applied to member A.B.
What really matters is whether A.B is a pointer or not.
Without knowing what the type of A.B is, one can not talk about '*np就正确的
变成的NULL pointer了'.
BTW, I don't think there is something like *np should 'correctly' be,
because 'free' can do
anything it likes to.
【在 m******t 的大作中提到】
: 这当然是psudo code了。compile是没有问题的。
|
m******t
发帖数: 4077 | 9 see ur point. should be tmp->B.next
A.B is of course not a pointer. It is a structure composed of a single
pointer.
tmp->B.next is not assigned to a member of A.B either but it is a valid
pointer. It points to the next member of the list.
Its address though is assigned to np; thus *np is exactly tmp->B->next if
you dereference it before free.
【在 y***d 的大作中提到】
: Sorry but I have to say that this psudo code is completely trash.
: "tmp->B->next" can not be applied to member A.B.
: What really matters is whether A.B is a pointer or not.
: Without knowing what the type of A.B is, one can not talk about '*np就正确的
: 变成的NULL pointer了'.
: BTW, I don't think there is something like *np should 'correctly' be,
: because 'free' can do
: anything it likes to.
|
t****t
发帖数: 6806 | 10 看重点就行了, 问的人都不care, 你care什么啊.
【在 y***d 的大作中提到】
: Sorry but I have to say that this psudo code is completely trash.
: "tmp->B->next" can not be applied to member A.B.
: What really matters is whether A.B is a pointer or not.
: Without knowing what the type of A.B is, one can not talk about '*np就正确的
: 变成的NULL pointer了'.
: BTW, I don't think there is something like *np should 'correctly' be,
: because 'free' can do
: anything it likes to.
|
y***d
发帖数: 2330 | 11 So np points into the chunk of memory allocated.
So just forget about np once 'free(tmp)' is called, since you've already
discarded this chunk of memory.
【在 m******t 的大作中提到】
: see ur point. should be tmp->B.next
: A.B is of course not a pointer. It is a structure composed of a single
: pointer.
: tmp->B.next is not assigned to a member of A.B either but it is a valid
: pointer. It points to the next member of the list.
: Its address though is assigned to np; thus *np is exactly tmp->B->next if
: you dereference it before free.
|
