Nathan Dorfman <na@rtfm.net> wrote: > free() doesn't usually "free memory back to the system." It just puts > it back onto a "free list" managed by libc, entirely within the > process's address space. > > "Use after free" is actually a rather common type of bug -- do a web > search on that term to see just how often it comes up. Ahhh, so (simplifying it here somewhat), malloc/free don't always affect the kernels own representation of the processes memory allocation, as part of libc behaves a bit like a cache - buffering and managing requests in userspace, so as to make things run more efficiently. Thanks for the reply - my question wasn't quite as stupid as I feared! Cheers, Jamie _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"