And let there be light... DANG.. well it almost blinded me. I was confusing with char[16], which has the +1 byte for the null terminating, but the malloc(16) hasn't...
No, that's still not quite it...
char[16] allocates exactly 16 characters. Period. There's no extra space on the end for the terminating nul. If you try to put a sixteen character string into this array, the terminating nul will slop over onto whatever follows this array in memory.
malloc(16) is essentially the same. The difference is that there might not be something right there to be clobbered. malloc tends to round up the number of bytes to something convenient. It's easier to manage a pool of things that are all the same size than a zillion different sizes. 16 is pretty small -- the linux malloc might round everything smaller than 20 bytes or 24 bytes (why 20 or 24? That's another story...) to 20 or 24 bytes bytes just to make its life easier. Therefore it's giving you four "extra" bytes and the nul can clobber them without causing you to notice the bug.
-Dan
Yes. Thanks ;).
-- Alin-Adrian Anton Reversed Hell Networks GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E) gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
