malloc uses the 8 bytes before the returned address to store its memory-management structure; you can check this in a debugger.
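```c
#include <stdlib.h>  /* malloc, free */
#include <string.h>  /* memset */

int main()
{
    char *pStr1, *pStr2, *pStr3;

    /* Three back-to-back allocations of the same size. */
    pStr1 = (char *)malloc(sizeof(char) * 1024);
    pStr2 = (char *)malloc(sizeof(char) * 1024);
    pStr3 = (char *)malloc(sizeof(char) * 1024);
    /* Fill each buffer with a distinct byte so it is easy to spot in gdb. */
    memset(pStr1, 'A', 1024);
    memset(pStr2, 'B', 1024);
    memset(pStr3, 'C', 1024);
    free(pStr1);
    free(pStr2);
    free(pStr3);
    return 0;
}
```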
The result is as follows:
```
(gdb) p /x pStr1
$1 = 0x9c60008
(gdb) p /x pStr2
$2 = 0x9c60410
(gdb) p /x pStr3
$3 = 0x9c60818
(gdb) p *(pStr2)
$4 = 66 'B'
(gdb) p *(pStr2 - 1)
$5 = 0 '\0'
(gdb) p *(pStr2 - 2)
$6 = 0 '\0'
(gdb) p *(pStr2 - 3)
$7 = 4 '\004'
(gdb) p *(pStr2 - 4)
$8 = 9 '\t'
(gdb) p *(pStr2 - 5)
$9 = 0 '\0'
(gdb) p *(pStr2 - 6)
$10 = 0 '\0'
(gdb) p *(pStr2 - 7)
$11 = 0 '\0'
(gdb) p *(pStr2 - 8)
$12 = 0 '\0'
(gdb) p *(pStr2 - 9)
$13 = 65 'A'
```
Clearly:

pStr2 - pStr1 = 1024 + 8

pStr3 - pStr2 = 1024 + 8
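The same inspection done from inside the program, as an added example that is not part of the original post: it reads the word just below a `malloc` pointer, masks off the flag bits (the `9` in the bytes `09 04` above is `8 | 1`), and reports how far a linear write can go before it reaches the next chunk's size word. It assumes glibc's ptmalloc chunk layout; the helper names `raw_header`, `chunk_size` and `offset_of_next_size_word` are made up for this illustration.

```c
#include <malloc.h>   /* malloc_usable_size(): glibc extension */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: glibc ptmalloc chunk layout. One size_t "size" word sits directly
 * before the user pointer; its low three bits are flags, not part of the size. */
#define CHUNK_FLAG_BITS ((size_t)0x7)

/* Read the header word just below a pointer returned by malloc(). */
static size_t raw_header(const void *p)
{
    const volatile size_t *hdr =
        (const volatile size_t *)((uintptr_t)p - sizeof(size_t));
    return *hdr;
}

/* Total chunk size (header + user data) with the flag bits masked off. */
static size_t chunk_size(const void *p)
{
    return raw_header(p) & ~CHUNK_FLAG_BITS;
}

/* Offset from p at which a linear write first reaches the next chunk's size
 * word. For the 32-bit run in the post this is 1032 - 4 = 1028. */
static size_t offset_of_next_size_word(const void *p)
{
    return chunk_size(p) - sizeof(size_t);
}

int main(void)
{
    char *a = malloc(1024), *b = malloc(1024);
    if (!a || !b) return 1;
    printf("a=%p b=%p gap=%td\n", (void *)a, (void *)b,
           (ptrdiff_t)((uintptr_t)b - (uintptr_t)a));
    printf("header(b)=0x%zx size=%zu flags=0x%zx\n",
           raw_header(b), chunk_size(b), raw_header(b) & CHUNK_FLAG_BITS);
    printf("usable(a)=%zu, next size word at a+%zu\n",
           malloc_usable_size(a), offset_of_next_size_word(a));
    free(a);
    free(b);
    return 0;
}
```

Any write past `malloc_usable_size(p)` bytes lands in the neighbouring chunk's header, which is why an out-of-bounds write on the heap tends to surface later as an abort inside `free` or `malloc` rather than at the faulty line.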