Date:      Sun, 2 Jul 2006 16:59:33 +0200
From:      Andre Albsmeier <Andre.Albsmeier@siemens.com>
To:        Pat Lashley <patl+freebsd@volant.org>
Cc:        freebsd-hackers@freebsd.org, Andre.Albsmeier@siemens.com
Subject:   Re: Return value of malloc(0)
Message-ID:  <20060702145933.GB1108@curry.mchp.siemens.de>
In-Reply-To: <2FCF78FADC5CAB74EF6D9405@Zelazny>
References:  <20060628181045.GA54915@curry.mchp.siemens.de> <20060628212956.GI822@wombat.fafoe.narf.at> <805AA34B676EDF411B3CF548@Zelazny> <20060629165629.GA6875@britannica.bec.de> <F08E3BAE0BDAC4061A2A283F@Zelazny> <44odwbu1cu.fsf@be-well.ilk.org> <2FCF78FADC5CAB74EF6D9405@Zelazny>

On Fri, 30-Jun-2006 at 12:15:21 -0400, Pat Lashley wrote:
> >I went wandering through the C Working Group archives for the heck of
> >it, and apparently a lot of people were confused over this, thinking
> >either as you did or that "unique" meant it would a value unique to
> >the usage of malloc(0).  It's been clarified recently (and will be in
> >the next revision of the standard) to the meaning you understood.
> 
> ...
> 
> >This is wandering into -standards territory, though.  In any case, the
> >answer to thread's original question is "mozilla should fix its code
> >to not assume malloc(0)==NULL".
> 
> Agreed.  (With the usual observation that they, too, are a mainly 
> volunteer-based project; and would probably appreciate the inclusion of a patch 

Well, I was unsure of the correct behaviour. That's why I came here :-).
From all that I've read so far, I can summarize:

- Returning a non-NULL value from malloc(0) is completely legal.

- We return a non-NULL value which, when dereferenced, always makes
  the application crash (as a warning). See the commit message of
  rev. 1.60 of malloc.c:

-------------------------------- snip --------------------------

phkmalloc->evilchecks++;

If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the programme will crash if it dereferences
this ill-gotten pointer.

Inspired & Urged by:	Theo de Raadt <deraadt@cvs.openbsd.org>

-------------------------------- snap --------------------------

- What we do isn't 100% perfect since we always return the
  same value for each malloc(0).

- It was Firefox's fault to crash.

- The manpage is heavily misleading.


Firefox must be fixed but some stuff can be done in FreeBSD as well:

- If we keep our current behaviour we have to change the manpage.
  (As I said before, I could do that if someone will commit it later.)

- We could reverse the meaning of the V-flag (or introduce a new
  flag to avoid confusion). This would mean that by default a
  malloc(0) will return NULL in future. The new flag can be used
  to change this behaviour to the way it was done before: We hand
  out the value which, when dereferenced, makes the programme crash
  as a warning to the author. We note in the manpage that it is
  not 100% legal since we always use the same value.


> with the bug report.  And, of course, that the original poster of this thread 
> should file a bug report with the Mozilla project.)

Please see:

https://bugzilla.mozilla.org/show_bug.cgi?id=343283

It wasn't me who created this PR but the author of the extension
which actually revealed the bug.

	-Andre

-- 
UNIX is an operating system, OS/2 is half an operating system,
Windows is a shell, and DOS is a bootsector virus.
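[Added example for this thread; it is not code from the FreeBSD malloc.c, from Firefox, or from any poster. It shows the two sides of the discussion above in runnable C: a constructed allocator, evil_malloc(), that behaves like the rev. 1.60 phkmalloc (malloc(0) hands back the same non-NULL pointer every time, and touching it faults), beside a fragile idiom that assumes non-NULL means "at least one byte" and a robust idiom that settles the n == 0 case before calling the allocator, so that a NULL return can only mean out-of-memory. Assumptions: a POSIX system where mprotect() on a page-aligned heap region works; a PROT_NONE page elsewhere in the address space stands in for the protected page zero of the commit, since page zero cannot be mapped on a modern Linux; the names evil_malloc, evil_free, dup_fragile, dup_robust, first_byte_fragile and first_byte_robust are hypothetical.]

```c
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

typedef void *(*malloc_fn)(size_t);

/* One page mapped PROT_NONE so that any load or store through it faults.
 * Stand-in (assumption) for the protected page zero of the commit quoted
 * in the thread; allocated once and intentionally never freed. */
static unsigned char *poison_page;

static void *poison_pointer(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        abort();
    if (poison_page == NULL) {
        /* Over-allocate and round up by hand to a page boundary. */
        unsigned char *raw = malloc(2 * (size_t)ps);
        if (raw == NULL)
            abort();
        uintptr_t a = ((uintptr_t)raw + (uintptr_t)ps - 1) & ~((uintptr_t)ps - 1);
        if (mprotect((void *)a, (size_t)ps, PROT_NONE) != 0)
            abort();
        poison_page = (unsigned char *)a;
    }
    return poison_page + ps / 2;   /* "the middle of the page", as in rev. 1.60 */
}

/* Constructed phkmalloc-style allocator: malloc(0) returns a non-NULL
 * pointer that faults on dereference (the same one every time, which the
 * thread notes is not quite legal); other sizes go to the real malloc. */
static void *evil_malloc(size_t n)
{
    return n == 0 ? poison_pointer() : malloc(n);
}

static void evil_free(void *p)
{
    if (p != NULL && p != poison_pointer())
        free(p);
}

struct buf {
    unsigned char *data;
    size_t len;
};

/* Fragile idiom: lets the allocator's return value decide whether the
 * input was empty. Correct only on systems where malloc(0) == NULL. */
static int dup_fragile(const unsigned char *src, size_t n,
                       struct buf *out, malloc_fn m)
{
    unsigned char *p = m(n);
    if (p == NULL) {                  /* "NULL means n was 0, so empty" */
        out->data = NULL;
        out->len = 0;
        return 0;
    }
    memcpy(p, src, n);                /* n may be 0: nothing is written */
    out->data = p;
    out->len = n;
    return 0;
}

/* Fragile accessor: non-NULL data is taken to imply len >= 1. With
 * evil_malloc and an empty input this dereferences the poison page. */
static int first_byte_fragile(const struct buf *b)
{
    return b->data != NULL ? b->data[0] : -1;
}

/* Robust idiom: handle n == 0 before calling the allocator, so NULL from
 * malloc() unambiguously means failure and malloc(0)'s result is never kept. */
static int dup_robust(const unsigned char *src, size_t n,
                      struct buf *out, malloc_fn m)
{
    unsigned char *p;
    if (n == 0) {
        out->data = NULL;
        out->len = 0;
        return 0;
    }
    p = m(n);
    if (p == NULL)
        return -1;                    /* genuine out-of-memory */
    memcpy(p, src, n);
    out->data = p;
    out->len = n;
    return 0;
}

/* Robust accessor: bounds come from len, never inferred from data. */
static int first_byte_robust(const struct buf *b)
{
    return b->len > 0 ? b->data[0] : -1;
}

int main(void)
{
    const unsigned char sample[] = "abc";   /* constructed input */
    struct buf b;
    void *z = malloc(0);

    printf("system malloc(0) returned %s\n", z == NULL ? "NULL" : "non-NULL");
    free(z);
    dup_robust(sample, 0, &b, evil_malloc);
    printf("robust, empty input: len=%zu first=%d\n", b.len, first_byte_robust(&b));
    dup_fragile(sample, 0, &b, evil_malloc);
    printf("fragile, empty input: data=%p len=%zu robust accessor=%d\n",
           (void *)b.data, b.len, first_byte_robust(&b));
    /* first_byte_fragile(&b) here would touch the poison page: SIGSEGV. */
    evil_free(b.data);
    return 0;
}
```

Run it as-is and the fragile path hands back the poison pointer for an empty input without crashing, because nothing dereferences it; uncomment the first_byte_fragile() call to reproduce the Firefox-style crash. The same code built against the system malloc shows why the bug was invisible on platforms where malloc(0) returns NULL.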


