Nathan Dorfman <[email protected]> wrote: > free() doesn't usually "free memory back to the system." It just puts > it back onto a "free list" managed by libc, entirely within the > process's address space. > > "Use after free" is actually a rather common type of bug -- do a web > search on that term to see just how often it comes up. Ahhh, so (simplifying it here somewhat), malloc/free don't always affect the kernels own representation of the processes memory allocation, as part of libc behaves a bit like a cache - buffering and managing requests in userspace, so as to make things run more efficiently. Thanks for the reply - my question wasn't quite as stupid as I feared! Cheers, Jamie _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"