What happens to memory after free()?

Question

I know that on you hard drive, if you delete a file, the data is not (instantly) gone. The data is still there until it is overwritten. I was wondering if a similar concept

Answer 1

Your analogy is correct. The data in memory doesn't disappear or anything like that; the values may indeed still be there after a free(), though attempting to read from freed memory is undefined behaviour.

Answer 2

The answer depends highly on the implementation. On a good implementation, it's likely that at least the beginning (or the end?) of the memory will be overwritten with bookkeeping information for tracking free chunks of memory that could later be reused. However the details will vary. If your program has any level of concurrency/threads (even in the library implementation you might not see), then such memory could be clobbered asynchronously, perhaps even in such a way that even reading it is dangerous. And of course the implementation of free might completely unmap the address range from the program's virtual address space, in which case attempting to do anything with it will crash your program.

From a standpoint of an application author, you should simply treat free according to the specification and never access freed memory. But from the standpoint of a systems implementor or integrator, it might be useful to know (or design) the implementation, in which case your question is then interesting.

Answer 3

If you want to verify the behaviour for your implementation, the simple program below will do that for you.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The number of memory bytes to test */
#define MEM_TEST_SIZE 256

void outputMem(unsigned char *mem, int length)
{
    int i;

    for (i = 0; i < length; i++) {
        printf("[%02d]", mem[i] );
    }   
}

int bytesChanged(unsigned char *mem, int length)
{
    int i;
    int count = 0;

    for (i = 0; i < MEM_TEST_SIZE; i++) {
        if (mem[i] != i % 256)
            count++;
    }
    return count;
}

main(void)
{
    int i;
    unsigned char *mem = (unsigned char *)malloc(MEM_TEST_SIZE);

    /* Fill memory with bytes */
    for (i = 0; i < MEM_TEST_SIZE; i++) {
        mem[i] = i % 256;
    }

    printf("After malloc and copy to new mem location\n");
    printf("mem = %ld\n", mem );
    printf("Contents of mem: ");
    outputMem(mem, MEM_TEST_SIZE);

    free(mem);
    printf("\n\nAfter free()\n");
    printf("mem = %ld\n", mem );
    printf("Bytes changed in memory = %d\n", bytesChanged(mem, MEM_TEST_SIZE) );
    printf("Contents of mem: ");
    outputMem(mem, MEM_TEST_SIZE);


}

Answer 4

Generally, it does stay around, unless you explicitly overwrite the string before freeing it (like people sometimes do with passwords). Some library implementations automatically overwrite deallocated memory to catch accesses to it, but that is not done in release mode.