sebas_phoenix
03-22-2011, 12:02 AM
This is the code...
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
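/*
 * Parse one command-line size argument as a decimal byte count.
 *
 * Returns 0 and stores the value in *out on success. Returns -1 when the
 * text is not a plain decimal number or is smaller than sizeof(int): the
 * program stores an int into every block, so a smaller request would make
 * that store an out-of-bounds heap write.
 */
static int parse_size(const char *arg, size_t *out)
{
    char *end;
    long value = strtol(arg, &end, 10);

    if (end == arg || *end != '\0' || value < (long)sizeof(int)) {
        return -1;
    }
    *out = (size_t)value;
    return 0;
}

/*
 * Heap layout experiment: allocate three blocks, free the first one, then
 * allocate a block of the third size again and print where it lands.
 *
 * Usage: heap_test size1 size2 size3   (sizes in bytes)
 *
 * The printed addresses depend entirely on the C library's allocator; they
 * are an observation, not a guarantee. Returns EXIT_SUCCESS when all
 * allocations succeeded, EXIT_FAILURE otherwise.
 */
int main(int argc, char **argv)
{
    size_t size1, size2, size3;
    int *ptr1 = NULL;
    int *ptr2 = NULL;
    int *ptr3 = NULL;
    int *held = NULL;
    int rc = EXIT_FAILURE;

    /* argv[1..3] were read unconditionally before; a short command line
     * dereferenced a NULL or missing argument. */
    if (argc < 4) {
        fprintf(stderr, "usage: %s size1 size2 size3\n",
                argc > 0 ? argv[0] : "heap_test");
        return EXIT_FAILURE;
    }
    if (parse_size(argv[1], &size1) != 0 ||
        parse_size(argv[2], &size2) != 0 ||
        parse_size(argv[3], &size3) != 0) {
        fprintf(stderr, "sizes must be decimal and at least %zu bytes\n",
                sizeof(int));
        return EXIT_FAILURE;
    }

    ptr1 = malloc(size1);
    ptr2 = malloc(size2);
    /* The original overwrote this pointer later without freeing it. The
     * block is kept alive on purpose (it occupies the space after ptr2 and
     * so shapes the layout being measured) but under its own name, so it
     * can be released at exit. */
    held = malloc(size3);
    if (ptr1 == NULL || ptr2 == NULL || held == NULL) {
        fprintf(stderr, "malloc failed\n");
        goto out;
    }

    *ptr1 = *ptr2 = 10;
    printf("[ptr1] @ %p contains %d\n", (void *)ptr1, *ptr1);
    printf("[ptr2] @ %p contains %d\n", (void *)ptr2, *ptr2);

    free(ptr1);
    /* ptr1 is dangling from here on; clear it so it cannot be read,
     * written or freed a second time by the cleanup below. */
    ptr1 = NULL;
    printf("Freed ptr1 \n");

    /* This allocation may or may not be served from the block just freed. */
    ptr3 = malloc(size3);
    if (ptr3 == NULL) {
        fprintf(stderr, "malloc failed\n");
        goto out;
    }
    *ptr3 = 20;
    printf("[ptr3] @ %p contains %d\n", (void *)ptr3, *ptr3);
    rc = EXIT_SUCCESS;

out:
    free(ptr3);
    free(held);
    free(ptr2);
    free(ptr1);
    return rc;
}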
After i run it like this...
$ ./heap_test 40 100 100
[ptr1] @ 0x93b8008 contains 10
[ptr2] @ 0x93b8038 contains 10
Freed ptr1
[ptr3] @ 0x93b8108 contains 20
After freeing ptr1, the ptr3 starts at a higher memory location than ptr2 (heap grows upward in memory from lower address to higher address)
After running it like this
$ ./heap_test 50 100 10
[ptr1] @ 0x8cf5008 contains 10
[ptr2] @ 0x8cf5040 contains 10
Freed ptr1
[ptr3] @ 0x8cf50b8 contains 20
After freeing ptr1, ptr3 starts at a higher memory location than ptr2, even though it could have started at the location that ptr1 pointed to before being deallocated.
After bruteforcing for some time...Now if i run the code like this...
$ ./heap_test 69 100 10
[ptr1] @ 0x9b5a008 contains 10
[ptr2] @ 0x9b5a058 contains 10
Freed ptr1
[ptr3] @ 0x9b5a008 contains 20
After freeing ptr1, ptr3 starts at the same memory location that ptr1 pointed to before getting deallocated...
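Hope you can sum up the heap allocation from this. Also, 69 is the lowest value: from 69 upward, if the ptr3 allocation size is less than the deallocated size of ptr1, then ptr3 gets allocated at the location ptr1 pointed to (before getting deallocated). Note that the program calls malloc(size3) twice and never frees the first block, so that block still sits after ptr2 in every run. The threshold itself is a detail of the allocator in the C library being used, not something the language guarantees. What it does show is that a freed address can be handed out again by a later malloc, so ptr1 must not be used after free(ptr1). Dunno its significance beyond that, thought of sharing nevertheless... :)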
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
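/*
 * Parse one command-line size argument as a decimal byte count.
 *
 * Returns 0 and stores the value in *out on success. Returns -1 when the
 * text is not a plain decimal number or is smaller than sizeof(int): the
 * program stores an int into every block, so a smaller request would make
 * that store an out-of-bounds heap write.
 */
static int parse_size(const char *arg, size_t *out)
{
    char *end;
    long value = strtol(arg, &end, 10);

    if (end == arg || *end != '\0' || value < (long)sizeof(int)) {
        return -1;
    }
    *out = (size_t)value;
    return 0;
}

/*
 * Heap layout experiment: allocate three blocks, free the first one, then
 * allocate a block of the third size again and print where it lands.
 *
 * Usage: heap_test size1 size2 size3   (sizes in bytes)
 *
 * The printed addresses depend entirely on the C library's allocator; they
 * are an observation, not a guarantee. Returns EXIT_SUCCESS when all
 * allocations succeeded, EXIT_FAILURE otherwise.
 */
int main(int argc, char **argv)
{
    size_t size1, size2, size3;
    int *ptr1 = NULL;
    int *ptr2 = NULL;
    int *ptr3 = NULL;
    int *held = NULL;
    int rc = EXIT_FAILURE;

    /* argv[1..3] were read unconditionally before; a short command line
     * dereferenced a NULL or missing argument. */
    if (argc < 4) {
        fprintf(stderr, "usage: %s size1 size2 size3\n",
                argc > 0 ? argv[0] : "heap_test");
        return EXIT_FAILURE;
    }
    if (parse_size(argv[1], &size1) != 0 ||
        parse_size(argv[2], &size2) != 0 ||
        parse_size(argv[3], &size3) != 0) {
        fprintf(stderr, "sizes must be decimal and at least %zu bytes\n",
                sizeof(int));
        return EXIT_FAILURE;
    }

    ptr1 = malloc(size1);
    ptr2 = malloc(size2);
    /* The original overwrote this pointer later without freeing it. The
     * block is kept alive on purpose (it occupies the space after ptr2 and
     * so shapes the layout being measured) but under its own name, so it
     * can be released at exit. */
    held = malloc(size3);
    if (ptr1 == NULL || ptr2 == NULL || held == NULL) {
        fprintf(stderr, "malloc failed\n");
        goto out;
    }

    *ptr1 = *ptr2 = 10;
    printf("[ptr1] @ %p contains %d\n", (void *)ptr1, *ptr1);
    printf("[ptr2] @ %p contains %d\n", (void *)ptr2, *ptr2);

    free(ptr1);
    /* ptr1 is dangling from here on; clear it so it cannot be read,
     * written or freed a second time by the cleanup below. */
    ptr1 = NULL;
    printf("Freed ptr1 \n");

    /* This allocation may or may not be served from the block just freed. */
    ptr3 = malloc(size3);
    if (ptr3 == NULL) {
        fprintf(stderr, "malloc failed\n");
        goto out;
    }
    *ptr3 = 20;
    printf("[ptr3] @ %p contains %d\n", (void *)ptr3, *ptr3);
    rc = EXIT_SUCCESS;

out:
    free(ptr3);
    free(held);
    free(ptr2);
    free(ptr1);
    return rc;
}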
After i run it like this...
$ ./heap_test 40 100 100
[ptr1] @ 0x93b8008 contains 10
[ptr2] @ 0x93b8038 contains 10
Freed ptr1
[ptr3] @ 0x93b8108 contains 20
After freeing ptr1, the ptr3 starts at a higher memory location than ptr2 (heap grows upward in memory from lower address to higher address)
After running it like this
$ ./heap_test 50 100 10
[ptr1] @ 0x8cf5008 contains 10
[ptr2] @ 0x8cf5040 contains 10
Freed ptr1
[ptr3] @ 0x8cf50b8 contains 20
After freeing ptr1, ptr3 starts at a higher memory location than ptr2, even though it could have started at the location that ptr1 pointed to before being deallocated.
After bruteforcing for some time...Now if i run the code like this...
$ ./heap_test 69 100 10
[ptr1] @ 0x9b5a008 contains 10
[ptr2] @ 0x9b5a058 contains 10
Freed ptr1
[ptr3] @ 0x9b5a008 contains 20
After freeing ptr1, ptr3 starts at the same memory location that ptr1 pointed to before getting deallocated...
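Hope you can sum up the heap allocation from this. Also, 69 is the lowest value: from 69 upward, if the ptr3 allocation size is less than the deallocated size of ptr1, then ptr3 gets allocated at the location ptr1 pointed to (before getting deallocated). Note that the program calls malloc(size3) twice and never frees the first block, so that block still sits after ptr2 in every run. The threshold itself is a detail of the allocator in the C library being used, not something the language guarantees. What it does show is that a freed address can be handed out again by a later malloc, so ptr1 must not be used after free(ptr1). Dunno its significance beyond that, thought of sharing nevertheless... :)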