On Sun, Apr 20, 2014 at 2:31 PM, Jamie Landeg-Jones <[email protected]> wrote: > Once memory has been freed, I thought any attempt by a user process to > access it would cause a SIGSEV. > > I thought the issue was with programs that inadvertantly expose (either > to read or write) other parts of their active memory. > > Of course, if a process rolls it's own in-process implementation > of malloc/free, then this point is moot, but once you free memory back > to the system, isn't in no longer accessable anyway? free() doesn't usually "free memory back to the system." It just puts it back onto a "free list" managed by libc, entirely within the process's address space. "Use after free" is actually a rather common type of bug -- do a web search on that term to see just how often it comes up. -nd. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"