Return value of malloc(0)
Andre Albsmeier
Andre.Albsmeier at siemens.com
Sun Jul 2 14:59:38 UTC 2006
On Fri, 30-Jun-2006 at 12:15:21 -0400, Pat Lashley wrote:
> >I went wandering through the C Working Group archives for the heck of
> >it, and apparently a lot of people were confused over this, thinking
> >either as you did or that "unique" meant it would a value unique to
> >the usage of malloc(0). It's been clarified recently (and will be in
> >the next revision of the standard) to the meaning you understood.
>
> ...
>
> >This is wandering into -standards territory, though. In any case, the
> >answer to thread's original question is "mozilla should fix its code
> >to not assume malloc(0)==NULL".
>
> Agreed. (With the usual observation that they, too, are a mainly
> volunteer-based project; and would probably appreciate the inclusion of a patch
Well, I was unsure of the correct behaviour. That's why I came here :-).
From all that I've read so far, I can summarize:
- Returning a non-NULL value from malloc(0) is completely legal.
- We return a non-NULL value which, when dereferenced, always makes
the application crash (as a warning). See the commit message of
rev. 1.60 of malloc.c:
-------------------------------- snip --------------------------
phkmalloc->evilchecks++;
If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the programme will crash if it dereferences
this ill-gotten pointer.
Inspired & Urged by: Theo de Raadt <deraadt at cvs.openbsd.org>
-------------------------------- snap --------------------------
- What we do isn't 100% perfect since we always return the
same value for each malloc(0).
- It was Firefox's fault to crash.
- The manpage is heavily misleading.
Firefox must be fixed but some stuff can be done in FreeBSD as well:
- If we keep our current behaviour we have to change the manpage.
(As I said before, I could do that if someone will commit it later.)
- We could reverse the meaning of the V-flag (or, introduce a new
flag to avoid confusion). This would mean that by default a
malloc(0) will return NULL in future. The new flag can be used
to change this behaviour to the way it was done before: We hand
out the value which, when dereferenced, makes the programme crash
as a warning to the author. We note in the manpage that it is
not 100% legal since we always use the same value.
> with the bug report. And, of course, that the original poster of this thread
> should file a bug report with the Mozilla project.)
Please see:
https://bugzilla.mozilla.org/show_bug.cgi?id=343283
It wasn't me who created this PR but the author of the extension
which actually revealed the bug.
-Andre
--
UNIX is an operating system, OS/2 is half an operating system,
Windows is a shell, and DOS is a bootsector virus.
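The portable handling that the summary above calls for, as an added C example (not code from this list post, from FreeBSD's malloc.c or from Mozilla): a zero-byte request is resolved before it ever reaches malloc, so the caller never has to care whether the allocator answers malloc(0) with NULL or with a "unique" non-NULL pointer, and the only thing ever done with a real malloc(0) result is to free it. The helper names (alloc_status, alloc_bytes, dup_bytes, malloc0_returns_null) are invented for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
enum alloc_status { ALLOC_OK, ALLOC_EMPTY, ALLOC_FAILED };  /* hypothetical */

/* Probe what this platform's malloc(0) returns: 1 if NULL, 0 if a non-NULL
 * "unique" pointer. Both are legal; the pointer is only freed, never used. */
static int malloc0_returns_null(void)
{
    void *p = malloc(0);
    int is_null = (p == NULL);
    free(p);   /* free(NULL) is a no-op; free(malloc(0)) is valid */
    return is_null;
}

/* Zero-safe allocation: a 0-byte request never reaches malloc, so the caller
 * never holds a pointer it must not touch, and NULL from malloc means exactly
 * "out of memory" rather than "maybe you asked for zero bytes". */
static void *alloc_bytes(size_t n, enum alloc_status *st)
{
    if (n == 0) {
        *st = ALLOC_EMPTY;
        return NULL;
    }
    void *p = malloc(n);
    *st = (p != NULL) ? ALLOC_OK : ALLOC_FAILED;
    return p;
}

/* Duplicate a byte buffer portably. The bug class in the thread is code that
 * calls malloc(len) with len == 0, reads "result != NULL" as "there is
 * something to copy", and then writes through the pointer. */
static unsigned char *dup_bytes(const unsigned char *src, size_t len,
                                enum alloc_status *st)
{
    unsigned char *dst = alloc_bytes(len, st);
    if (*st == ALLOC_OK)
        memcpy(dst, src, len);   /* only reached when len > 0 and dst is real */
    return dst;
}

int main(void)
{
    enum alloc_status st;
    unsigned char *copy = dup_bytes((const unsigned char *)"abc", 3, &st);
    printf("malloc(0) -> NULL here: %s; 3-byte copy status=%d\n",
           malloc0_returns_null() ? "yes" : "no", (int)st);
    free(copy);
    return 0;
}
```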