这是未定义行为吗?
@幻の上帝 

你是说非常规的new？

嗯。

是像delete (C*)malloc(sizeof(C))这种吗？这是未定义的，而且经常会破坏堆

可以这么理解。

实际是给函数传递非法参数，函数会干什么谁知道……

Using delete on a pointer to an object not allocated with new gives unpredictable results. //来源MSDN

如果操作数是空指针，那么没效果。
其它情况下，C++03没说清楚（数组形式则说清楚需要是new-operator分配的），估计是个bug，会有CWT的defect report，等等去找找。
C++0x则明确地说明会引起undefined behavior。
ISO C++03：
5.3.5/2
... In either alternative, if the value of the operand of delete is the null pointer the operation has no effect. In the first alternative (delete object), the value of the operand of delete shall be a pointer to a non-array object or a pointer to a sub-object (1.8) representing a base class of such an object (clause
10). If not, the behavior is undefined. In the second alternative (delete array), the value of the operand of delete shall be the pointer value which resulted from a previous array new-expression.72) If not, the behavior is undefined.
72) For non-zero-length arrays, this is the same as a pointer to the first element of the array created by that new-expression. Zero-length arrays do not have a first element.
ISO C++0x(N3242)：
5.3.5/2 ...In the first alternative (delete object), the value of the operand of delete may be a null pointer value, a pointer to a non-array object created by a previous new-expression, or a pointer to a subobject (1.8)
representing a base class of such an object (Clause 10). If not, the behavior is undefined. In the second alternative (delete array), the value of the operand of delete may be a null pointer value or a pointer value that resulted from a previous array new-expression.78
78) For non-zero-length arrays, this is the same as a pointer to the first element of the array created by that new-expression. Zero-length arrays do not have a first element.


口胡，CWT→CWG。。
找到了（地址已被度娘吃→ →）
C++ Standard Core Language Defect Reports, Revision 76
1037. Requirements for operands of delete-expressions and deallocation functions

虽然是这样说，我认为只要用定位new将内存初始化了就不会有问题。

指针直接调析构，然后内存free

好吧，表示漏看了LZ“常规”两个字。。
那么看你底层是怎么搞到的了。。。
比如：
#include <cstdlib>
#include <new>
int main()
{
{
char* p = static_cast<char*>(std::malloc(1000));
char* q = new(p) char[1000/sizeof(char)]; // post-condition: q == p;
delete q; // equivilent to delete p, which is not resulted from a new-expression, causes undefined behavior;
}
{
char* p = new char[1000];
char* q = new(p) char[1000/sizeof(char)]; // post-condition: q == p;
delete q; // well-formed, equivalent to delete p at once, and both p and q become invalid pointers due to the call of deallocation function;
delete p; // double-deletion definitely leads to undefined behavior, for invalid pointer passed to deallocation function;
}
}


equivilent→equivalent...

这个不就是某段内存已经释放了还要释放一次，当然会出错了。
按理说假如new返回的地址是分配内存的首地址，系统又没有两种动态分配内存的方式（是系统），delete又仅是释放内存（没有析构函数或用默认析构函数）就不会有问题。

比如这么一段代码：
struct Foo
{
};
//...
Foo *f = (Foo *)malloc(sizeof(Foo) * 2) + 1;
new (Foo) f;
delete f;
free(--f);

@幻の上帝
@飞翔的天地
@RichSelian
@寒云似雾
求解

显然内存重复释放了

可是delete不是不能释放malloc出来的东西么

另外为什么要用malloc呢？new并不一定调用malloc的。
Foo* f=static_cast<Foo*>(::operator new(2 * sizeof(Foo)));

重复释放内存在这里只是对比举例……尽管都会引起UB，但是不见得是可观察的错误。系统有几种动态分配内存的方式系统，通过核心语言特性是无法判断的。
上面那个例子可能不太清楚，换成这个
char* p = static_cast<char*>(std::malloc(1000));
int* q = new(p) int[1000/sizeof(int)];
delete q;
就应该比较明确的会引起UB了。