How free memory after of realloc

Question

Is correct ways to free up memory in this code?

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main( void ){

    char *string1, *string2;
    string1 = (char*) malloc(16);

    strcpy(string1, "0123456789AB");

    string2 = realloc(string1, 8);

    printf("string1 Valor: %p [%s]\n", string1, string1);
    printf("string2 Valor: %p [%s]\n", string2, string2);

    free(string1);
    free(string2);
    return 0;
}

Since the two pointers point to the same direction

Answer 1

I think your confusion comes from the (uninspired) expression "free pointers" (you used in your post, but edited it out since). You don't free pointers. You free memory. The pointer is just telling which memory.

---

In your example you have: the memory obtained from malloc. string1 points to this memory. Then when you call realloc a new memory block is obtained (possibly starting at the same address, possibly not), but realloc takes care to release the old one if needed (and is therefore undefined behavior to access or free it yourself). string2 points to this new memory block.

So you have to free just the memory block obtained from realloc. string2 points to that memory.

Answer 2

In short, no.

Per the C Standard:

7.22.3.5 The realloc function

...

The realloc function deallocates the old object pointed to by ptr and returns a pointer to a new object that has the size specified by size. The contents of the new object shall be the same as that of the old object prior to deallocation, up to the lesser of the new and old sizes. Any bytes in the new object beyond the size of the old object have indeterminate values.

Once you call realloc(), you do not have to free() the memory addressed by pointer passed to realloc() - you have to free() the memory addressed by the pointer realloc() returns. (Unless realloc() returns NULL, in which case the original block of memory - passed to realloc() - has to be free()'d.)

Answer 3

When you call realloc, either the returned pointer is the same as the original, or a new pointer is returned and the original pointer becomes invalid. In the first case, calling free on both string1 and string2 results in a double-free since the pointers are equal. In the second case, calling free on string1 is a double-free since it was already freed.

So either way you have a double-free which results in undefined behavior.

From the man page for realloc:

void *realloc(void *ptr, size_t size);

The realloc() function changes the size of the memory block pointed to by ptr to size bytes. The contents will be unchanged in the range from the start of the region up to the minimum of the old and new sizes. If the new size is larger than the old size, the added memory will not be initialized. If ptr is NULL, then the call is equivalent to malloc(size), for all values of size; if size is equal to zero, and ptr is not NULL, then the call is equivalent to free(ptr). Unless ptr is NULL, it must have been returned by an earlier call to malloc(), calloc() or realloc(). If the area pointed to was moved, a free(ptr) is done.

The realloc() function returns a pointer to the newly allocated memory, which is suitably aligned for any kind of variable and may be different from ptr, or NULL if the request fails.

Also from the man page for free:

The free() function frees the memory space pointed to by ptr, which must have been returned by a previous call to malloc(), calloc() or realloc(). Otherwise, or if free(ptr) has already been called before, undefined behavior occurs. If ptr is NULL, no operation is performed.

You only need to free(string2).

Answer 4

The realloc implicity frees the input, it may not do anything at all, but you cannot free it after to re-alloced memory. So

char *string1, *string2;
string1 = (char*) malloc(16);
....
string2 = realloc(string1, 8);  // this line implicitly frees string1

free(string1); // this is wrong !!!
free(string2);

Answer 5

Short answer: in your code, calling free(string2) is correct, and sufficient. Calling free(string1) is incorrect.

When you called realloc (and assuming that the call succeeded), its return value (which you stored in string2) became the one and only way to refer to the one block of memory that you have.

It may be that realloc resized your memory block "in place", meaning that the values of string2 and string1 are equal. In that case, calling free(string1) is wrong because you're freeing the same pointer twice.

It may be that realloc moved your data to a new place in the process of resizing it. In that case, the values of string2 and string1 are unequal. But in that case, after it finds a new place for your data and copies it there, realloc automatically frees the old block for you. So, again, calling free(string1) is wrong because you're freeing an already-freed pointer.

Answer 6

Think of realloc as something equivalent to:

void *
realloc(void *old, size_t new_size)
{
    size_t old_size = magic_internal_function_that_knows_the_size_of(old);
    void *new = malloc(new_size);
    if (new == NULL)
        return NULL;
    memcpy(new, old, new_size > old_size ? old_size : new_size);
    free(old);
    return new;
}

If you have the magic function that can figure out how big an allocation is from the pointer, you can implement realloc yourself like this. malloc pretty much must have this function internally for free to work.

realloc can also do clever things like figuring out that you're reallocating to a smaller size and just free part of your allocation or figure out that you're growing your allocation and there's enough space after to fit it. But you don't need to think about those cases. Thinking that realloc is malloc+memcpy+free will not mislead you except that you need to remember that realloc failing and returning NULL means it didn't do the free.