malloc(0) returns 0x800 on FreeBSD 6.2 ?
Luigi Rizzo
rizzo at icir.org
Mon Dec 11 11:08:54 PST 2006
On Mon, Dec 11, 2006 at 12:54:11PM -0600, Dan Nelson wrote:
> In the last episode (Dec 11), Dan Nelson said:
> > In the last episode (Dec 11), Luigi Rizzo said:
> > > i was debugging a program on FreeBSD 6, and much to my surprise, i
> > > noticed that malloc(0) returns 0x800, as shown by this program:
> > >
> > > > more a.c
> > > #include <stdio.h>
> > > int main(int argc, char *argv[])
> > > {
> > > char *p = malloc(0);
> > > printf(" malloc 0 returns %p\n", p);
> > > }
> > > > cc -o a a.c
> > > > ./a
> > > malloc 0 returns 0x800
> > >
> > > if you look at the source this is indeed clear - internally the 0x800
> > > is ZEROSIZEPTR and is set when a zero length is passed to malloc()
> > > unless you have malloc_sysv set.
> >
> > Right, it passed you a pointer to which you may write 0 bytes to;
> > exactly what the program asked for :)
> >
> > The FreeBSD 6.x behaviour is slightly against POSIX rules that state
> > all successful malloc calls must return unique pointers, so the 7.x
> > malloc silently rounds zero-size mallocs to 1. Ideally malloc would
> > return unique pointers to blocks of memory set to MPROT_NONE via
> > mprotect() (you could fit 8192 of these pointers in an 8k page), to
> > prevent applications from using that byte of memory.
>
> Also note that the 0x800 behaviour was added to malloc.c rev 1.60 back
> in 2001, which means that all of the 5.x and 6.x releases did this.
yep, just found out various threads on the mailing lists,
but i first looked at the manpage and was surprised of
not seeing it documented.
I haven't figured out what the conclusion of the discussion was.
I am glad that 7.x changes the behaviour back to what it was on 4.x,
cheers
luigi
More information about the freebsd-stable
mailing list