double free/free invalid pointer

释放无效指针：

        p=(char *)malloc(sizeof(char));
        printf("p=0x%08x", p);
        sleep(2);
        free(p + 1);

静态编译：

arm-none-linux-gnueabi-gcc -static -o test_free2 main.c

ubuntu上运行结果：

*** glibc detected *** ./test_free2: free(): invalid pointer: 0x00098fa1 ***

======= Backtrace: =========
[0xecb0]
[0x8ce0]
[0xa8c0]
======= Memory map: ========
00008000-0008e000 r-xp 00000000 08:06 69796078                           /home/temp/zzz_free2time/test_free2
00095000-00096000 rw-p 00085000 08:06 69796078                           /home/temp/zzz_free2time/test_free2
00096000-00098000 rwxp 00000000 00:00 0 
00098000-000bb000 rw-p 00000000 00:00 0 
40000000-40080000 rw-p 00000000 00:00 0 
40080000-40081000 ---p 00000000 00:00 0 
40081000-40083000 rw-p 00000000 00:00 0 
60000000-6018e000 r-xp 00000000 08:11 15346523                           /usr/bin/qemu-arm-static
6028d000-60293000 rw-p 0028d000 08:11 15346523                           /usr/bin/qemu-arm-static
60293000-60296000 rw-p 00000000 00:00 0 
60296000-62297000 rwxp 00000000 00:00 0 
62297000-622e0000 rw-p 00000000 00:00 0 
622e0000-622e1000 rwxp 00000000 00:00 0 
622e1000-622f6000 rw-p 00000000 00:00 0 
6379c000-637bf000 rw-p 00000000 00:00 0                                  [heap]
7f3e1435f000-7f3e143df000 rw-p 00000000 00:00 0 
7f3e143e0000-7f3e17be5000 rw-p 00000000 00:00 0 
7fff8d7e4000-7fff8d80b000 rw-p 00000000 00:00 0                          [stack]
7fff8d8d1000-7fff8d8d2000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
p=0x00098fa0qemu: uncaught target signal 6 (Aborted) - core dumped

Aborted

在arm Cotex A9上运行结果：

*** glibc detected *** ./zzz: free(): invalid pointer: 0x017cb049 ***
======= Backtrace: =========
[0xecb0]
[0x8ce0]
[0xa8c0]
======= Memory map: ========
00008000-0008e000 r-xp 00000000 00:01 117151     /zzz
00095000-00096000 rw-p 00085000 00:01 117151     /zzz
00096000-00098000 rw-p 00000000 00:00 0 
017ca000-017ec000 rw-p 00000000 00:00 0          [heap]
b6f56000-b6f58000 rw-p 00000000 00:00 0 
bedfa000-bee1b000 rw-p 00000000 00:00 0          [stack]
ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
p=0x017cb048Aborted 

（没有使能coredump）

一块memory释放两次：

        p=(char *)malloc(sizeof(char));
        printf("p=0x%08x", p);
        sleep(2);
        free(p);
        printf("p=0x%08x after free 1st", p);
        sleep(2);
        free(p);
        printf("p=0x%08x after free 2nd", p);

静态编译：

arm-none-linux-gnueabi-gcc -static -o test_free2 main.c

ubuntu上运行结果：

*** glibc detected *** ./test_free2: double free or corruption (fasttop): 0x00098fa0 ***
======= Backtrace: =========
[0xece0]
[0x8cf8]
[0xa8f8]
======= Memory map: ========
00008000-0008e000 r-xp 00000000 08:06 69796078                           /home/temp/zzz_free2time/test_free2
00095000-00096000 rw-p 00085000 08:06 69796078                           /home/temp/zzz_free2time/test_free2
00096000-00098000 rwxp 00000000 00:00 0 
00098000-000bb000 rw-p 00000000 00:00 0 
40000000-40080000 rw-p 00000000 00:00 0 
40080000-40081000 ---p 00000000 00:00 0 
40081000-40083000 rw-p 00000000 00:00 0 
60000000-6018e000 r-xp 00000000 08:11 15346523                           /usr/bin/qemu-arm-static
6028d000-60293000 rw-p 0028d000 08:11 15346523                           /usr/bin/qemu-arm-static
60293000-60296000 rw-p 00000000 00:00 0 
60296000-62297000 rwxp 00000000 00:00 0 
62297000-622e0000 rw-p 00000000 00:00 0 
622e0000-622e1000 rwxp 00000000 00:00 0 
622e1000-622f6000 rw-p 00000000 00:00 0 
62999000-629bc000 rw-p 00000000 00:00 0                                  [heap]
7f3ccaed7000-7f3ccaf57000 rw-p 00000000 00:00 0 
7f3ccaf58000-7f3cce75d000 rw-p 00000000 00:00 0 
7fff8fc9c000-7fff8fcc4000 rw-p 00000000 00:00 0                          [stack]
7fff8fdff000-7fff8fe00000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
p=0x00098fa0p=0x00098fa0 after free 1stqemu: uncaught target signal 6 (Aborted) - core dumped
Aborted

在arm Cotex A9上运行结果：

*** glibc detected *** ./zzz: double free or corruption (fasttop): 0x01c46048 ***
======= Backtrace: =========
[0xece0]
[0x8cf8]
[0xa8f8]
======= Memory map: ========
00008000-0008e000 r-xp 00000000 00:01 117151     /zzz
00095000-00096000 rw-p 00085000 00:01 117151     /zzz
00096000-00098000 rw-p 00000000 00:00 0 
01c45000-01c67000 rw-p 00000000 00:00 0          [heap]
b6f95000-b6f97000 rw-p 00000000 00:00 0 
beb51000-beb72000 rw-p 00000000 00:00 0          [stack]
ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]
p=0x01c46048p=0x01c46048 after free 1stAborted 

在ubuntu环境下能运行 arm-none-linux-gnueabi-gcc 编译出来的程序，得益于 qemu-arm

ls /proc/sys/fs/binfmt_misc/qemu-
qemu-alpha        qemu-armeb        qemu-m68k         qemu-mips         qemu-ppc          qemu-ppc64abi32   qemu-sh4eb        qemu-sparc32plus
qemu-arm          qemu-cris         qemu-microblaze   qemu-mipsel       qemu-ppc64        qemu-sh4          qemu-sparc        qemu-sparc64

后面再仔细研究一下。