Date:      Wed, 1 Aug 2001 17:10:20 -0700 (PDT)
From:      Farooq Mela <fmela0@sm.socccd.cc.ca.us>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/29376: Realloc() doesn't (by default) comply with the ANSI C standard, and realloc(ptr, 0) with malloc_sysv set will cause an out of memory error if malloc_xmalloc is also set.
Message-ID:  <200108020010.f720AKf99349@freefall.freebsd.org>

>Number:         29376
>Category:       misc
>Synopsis:       Realloc() doesn't (by default) comply with the ANSI C standard, and realloc(ptr, 0) with malloc_sysv set will cause an out of memory error if malloc_xmalloc is also set.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 01 17:20:19 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Farooq Mela
>Release:        4.3-STABLE
>Organization:
>Environment:
FreeBSD apollo 4.3-STABLE FreeBSD 4.3-STABLE #4: Sun Jul 15 00:58:15 PDT 2001     farooq@apollo:/usr/src/sys/compile/APOLLO  i386
>Description:
The ANSI C standard requires that realloc(ptr, 0) behave the same as free(ptr). This behaviour is available on FreeBSD only if the malloc_options includes 'V' (sysv-style). Secondly, if both 'V' and 'X' are in malloc_options, specifying SysV-style and abort-on-out-of-memory behaviour, then realloc(ptr, 0) will result in realloc free'ing the pointer, and then thinking it is out of memory and abort()ing.
>How-To-Repeat:
#include <stdlib.h>

int
main(void)
{
	extern char *malloc_options;
	void *p=NULL;

	malloc_options="VX";	/* set malloc flags */
	p=realloc(p, 50); /* allocate 50 bytes */
	p=realloc(p, 0);  /* this will cause realloc to abort() */
	exit(0);
}
>Fix:
Change line 1132 of /usr/src/lib/libc/stdlib/malloc.c:

-	if (malloc_xmalloc && !r)
+	if (malloc_xmalloc && !r && size)
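Review bot: the added `&& size` test in `if (malloc_xmalloc && !r && size)` suppresses the 'X' abort for every zero-size request that ends with a NULL result, not only the one where the pointer was deliberately freed. Nothing in these lines distinguishes "freed because size was 0" from "a zero-size request failed". Consider keying the exception on the free path having been taken (ptr non-NULL and size 0, the same condition proposed for line 1121), and add a comment explaining why a NULL result is not an error in that case.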

Change line 1121:

-	if (malloc_sysv && !size)
+	if (ptr && !size)
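Review bot: swapping `malloc_sysv` for `ptr` in this condition changes two behaviours, and only one is described in the report. It makes the zero-size free unconditional, as intended, but realloc(NULL, 0) with 'V' set took this branch under `malloc_sysv && !size` and no longer does under `ptr && !size`. If 'V' users are meant to keep the old result for a NULL pointer, something like `(ptr || malloc_sysv) && !size` preserves it; either way the documented meaning of the 'V' option should be updated in the same change.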

This will cause the implementation to conform with ANSI as well as fix the problem where it thinks it is out of memory when it is really just freeing the pointer.
>Release-Note:
>Audit-Trail:
>Unformatted:
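
The same distinction seen from the caller's side, as an added example that is not part of the original report or of FreeBSD's malloc.c: the hypothetical helpers `resize_buf` and `xresize_buf` handle size 0 before realloc() is reached, so "freed" is reported separately from "out of memory" whatever the allocator's options are, and no stale pointer is left behind for a later free().

```c
#include <stdio.h>
#include <stdlib.h>

/* Outcome of a resize, so "freed" is never confused with "out of memory". */
enum resize_result { RESIZE_OK, RESIZE_FREED, RESIZE_NOMEM };

/*
 * Hypothetical helper (not a libc function): resize *pp to size bytes.
 * size == 0 is handled here and never reaches realloc(), so the result
 * does not depend on the allocator's zero-size policy.
 */
static enum resize_result
resize_buf(void **pp, size_t size)
{
	void *r;

	if (size == 0) {
		free(*pp);	/* free(NULL) is a no-op */
		*pp = NULL;	/* no dangling pointer for a later free() */
		return (RESIZE_FREED);
	}
	r = realloc(*pp, size);
	if (r == NULL)
		return (RESIZE_NOMEM);	/* *pp is still valid and still owned */
	*pp = r;
	return (RESIZE_OK);
}

/* Abort-on-failure variant: only a real allocation failure is fatal. */
static void
xresize_buf(void **pp, size_t size)
{
	if (resize_buf(pp, size) == RESIZE_NOMEM) {
		fprintf(stderr, "out of memory resizing to %zu bytes\n", size);
		abort();
	}
}

int
main(void)
{
	void *p = NULL;

	xresize_buf(&p, 50);	/* allocate 50 bytes */
	xresize_buf(&p, 0);	/* frees p and sets it to NULL; no abort */
	free(p);		/* safe: p is NULL */
	return (0);
}
```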
