malloc(0) returns 0x800 on FreeBSD 6.2 ?
Dan Nelson
dnelson at allantgroup.com
Mon Dec 11 10:47:43 PST 2006
In the last episode (Dec 11), Luigi Rizzo said:
> I was debugging a program on FreeBSD 6, and much to my surprise, I
> noticed that malloc(0) returns 0x800, as shown by this program:
>
> > more a.c
> #include <stdio.h>
> #include <stdlib.h>	/* declares malloc(); without it the call is implicitly declared */
> int main(int argc, char *argv[])
> {
> char *p = malloc(0);
> printf(" malloc 0 returns %p\n", p);
> }
> > cc -o a a.c
> > ./a
> malloc 0 returns 0x800
>
> If you look at the source this is indeed clear - internally the 0x800
> is ZEROSIZEPTR and is set when a zero length is passed to malloc()
> unless you have malloc_sysv set.
Right, it passed you a pointer to which you may write 0 bytes;
exactly what the program asked for :)
The FreeBSD 6.x behaviour is slightly against POSIX rules that state
all successful malloc calls must return unique pointers, so the 7.x
malloc silently rounds zero-size mallocs to 1. Ideally malloc would
return unique pointers to blocks of memory set to MPROT_NONE via
mprotect() (you could fit 8192 of these pointers in an 8k page), to
prevent applications from using that byte of memory.
--
Dan Nelson
dnelson at allantgroup.com
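As an added illustration (not code from either poster), a small C program that classifies an allocator's zero-size behaviour into the three cases discussed in this thread (NULL, one shared sentinel such as 6.x's ZEROSIZEPTR, or unique pointers as POSIX requires) and shows the 7.x-style round-up-to-1 wrapper. The names `malloc0_policy`, `classify_zero_alloc` and `malloc_nonzero` are mine, and the 64-block cap is an arbitrary choice.

```c
#include <stdio.h>
#include <stdlib.h>

/* What an allocator may do for a zero-size request: return NULL, hand
 * back one shared sentinel address (FreeBSD 6.x's ZEROSIZEPTR), or a
 * distinct pointer per call, which is what POSIX requires on success. */
enum malloc0_policy { M0_NULL, M0_SHARED_SENTINEL, M0_UNIQUE };
static const char *const policy_name[] = { "NULL", "shared sentinel", "unique" };

/* Wrapper that does not depend on the libc's zero-size policy: round a
 * zero request up to one byte, as the 7.x malloc does internally, so
 * every call yields a distinct block that is safe to free(). */
void *malloc_nonzero(size_t n)
{
    return malloc(n == 0 ? 1 : n);
}

/* Request count zero-size blocks from alloc (at most 64), classify the
 * results and free them all; free() of a zero-size result is legal
 * under every policy, so nothing leaks. */
enum malloc0_policy classify_zero_alloc(void *(*alloc)(size_t), size_t count)
{
    void *ptrs[64];
    size_t i, j, nulls = 0, dups = 0;

    if (count > 64)
        count = 64;
    for (i = 0; i < count; i++) {
        ptrs[i] = alloc(0);
        if (ptrs[i] == NULL) {
            nulls++;
            continue;
        }
        for (j = 0; j < i; j++)          /* same address seen before? */
            if (ptrs[j] == ptrs[i])
                dups++;
    }
    for (i = 0; i < count; i++)
        free(ptrs[i]);
    return nulls ? M0_NULL : dups ? M0_SHARED_SENTINEL : M0_UNIQUE;
}

int main(void)
{
    printf("libc malloc(0):        %s\n",
           policy_name[classify_zero_alloc(malloc, 16)]);
    printf("malloc_nonzero(0):     %s\n",
           policy_name[classify_zero_alloc(malloc_nonzero, 16)]);
    return 0;
}
```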