https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67451
--- Comment #9 from Dominik Vogt <vogt at linux dot vnet.ibm.com> ---
I.e. free(0x1) is called:

Load foobar.1497 to r12

  0x0000000080000998 <+40>:    larl    %r12,0x80002408 <foobar.1497>
  (gdb) p /x $r12
  0x80002408

First malloc call, store mem pointer in foobar.1497

  0x00000000800009c6 <+86>:    brasl   %r14,0x80000788 <malloc@plt>
  0x00000000800009cc <+92>:    stg     %r2,0(%r12)

Second malloc call, store mem pointer in some_local_object.1511

  0x0000000080000ae8 <+376>:   brasl   %r14,0x80000788 <malloc@plt>
  0x0000000080000aee <+382>:   stgrl   %r2,0x800023d0 <some_local_object.1511>

Load address of some_local_object.1511 to r1

  0x0000000080000afa <+394>:   larl    %r1,0x800023d0 <some_local_object.1511>

Write something to r1 + 16, r1 + 32, r1 + 40, r1 + 24

  0x0000000080000b00 <+400>:   mvghi   16(%r1),297
  0x0000000080000b06 <+406>:   stg     %r11,32(%r1)
  0x0000000080000b0c <+412>:   stg     %r8,40(%r1)
  0x0000000080000b12 <+418>:   mvghi   24(%r1),1

This overwrites foobar.1497 with the value 1:

  0x0000000080000b18 <+424>:   mvghi   56(%r1),1
  (gdb) p /x $r1 + 56
  0x80002408   <-- address of foobar.1497