malloc(0) returns 0x800 on FreeBSD 6.2 ?
Dan Nelson
dnelson at allantgroup.com
Mon Dec 11 11:04:48 PST 2006
In the last episode (Dec 11), Dan Nelson said:
> In the last episode (Dec 11), Luigi Rizzo said:
> > i was debugging a program on FreeBSD 6, and much to my surprise, i
> > noticed that malloc(0) returns 0x800, as shown by this program:
> >
> > > more a.c
> > #include <stdio.h>
> > int main(int argc, char *argv[])
> > {
> > char *p = malloc(0);
> > printf(" malloc 0 returns %p\n", p);
> > }
> > > cc -o a a.c
> > > ./a
> > malloc 0 returns 0x800
> >
> > if you look at the source this is indeed clear - internally the 0x800
> > is ZEROSIZEPTR and is set when a zero length is passed to malloc()
> > unless you have malloc_sysv set.
>
> Right, it passed you a pointer to which you may write 0 bytes to;
> exactly what the program asked for :)
>
> The FreeBSD 6.x behaviour is slightly against POSIX rules that state
> all successful malloc calls must return unique pointers, so the 7.x
> malloc silently rounds zero-size mallocs to 1. Ideally malloc would
> return unique pointers to blocks of memory set to MPROT_NONE via
> mprotect() (you could fit 8192 of these pointers in an 8k page), to
> prevent applications from using that byte of memory.
Also note that the 0x800 behaviour was added to malloc.c rev 1.60 back
in 2001, which means that all of the 5.x and 6.x releases did this.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-stable
mailing list