From: Andre Albsmeier <Andre.Albsmeier@siemens.com>
To: Pat Lashley
Date: Sun, 2 Jul 2006 16:59:33 +0200
Message-ID: <20060702145933.GB1108@curry.mchp.siemens.de>
In-Reply-To: <2FCF78FADC5CAB74EF6D9405@Zelazny>
References: <20060628181045.GA54915@curry.mchp.siemens.de> <20060628212956.GI822@wombat.fafoe.narf.at> <805AA34B676EDF411B3CF548@Zelazny> <20060629165629.GA6875@britannica.bec.de> <44odwbu1cu.fsf@be-well.ilk.org> <2FCF78FADC5CAB74EF6D9405@Zelazny>
Cc: freebsd-hackers@freebsd.org, Andre.Albsmeier@siemens.com
Subject: Re: Return value of malloc(0)

On Fri, 30-Jun-2006 at 12:15:21 -0400, Pat Lashley wrote:
> >I went wandering through the C Working Group archives for the heck of
> >it, and apparently a lot of people were confused over this, thinking
> >either as you did or that "unique" meant it would be a value unique to
> >the usage of malloc(0). It's been clarified recently (and will be in
> >the next revision of the standard) to the meaning you understood.
>
> ...
>
> >This is wandering into -standards territory, though. In any case, the
> >answer to the thread's original question is "mozilla should fix its code
> >to not assume malloc(0)==NULL".
>
> Agreed. (With the usual observation that they, too, are a mainly
> volunteer-based project; and would probably appreciate the inclusion of a patch

Well, I was unsure of the correct behaviour. That's why I came here :-).

From all that I've read so far, I can summarize:

- Returning a non-NULL value from malloc(0) is completely legal.

- We return a non-NULL value which, when dereferenced, always makes the
  application crash (as a warning). See the commit message of rev. 1.60
  of malloc.c:

-------------------------------- snip --------------------------
phkmalloc->evilchecks++;

If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the programme will crash if it dereferences
this ill-gotten pointer.

Inspired & Urged by: Theo de Raadt
-------------------------------- snap --------------------------

- What we do isn't 100% perfect since we always return the same value
  for each malloc(0).

- It was Firefox's fault to crash.

- The manpage is heavily misleading.

Firefox must be fixed, but some stuff can be done in FreeBSD as well:

- If we keep our current behaviour we have to change the manpage. (As I
  said before, I could do that if someone commits it later.)

- We could reverse the meaning of the V-flag (or introduce a new flag to
  avoid confusion). This would mean that by default a malloc(0) will
  return NULL in future. The new flag can be used to change this
  behaviour to the way it was done before: we hand out the value which,
  when dereferenced, makes the programme crash as a warning to the author.
  We note in the manpage that it is not 100% legal since we always use
  the same value.

> with the bug report. And, of course, that the original poster of this thread
> should file a bug report with the Mozilla project.)

Please see: https://bugzilla.mozilla.org/show_bug.cgi?id=343283

It wasn't me who created this PR but the author of the extension which
actually revealed the bug.

-Andre

--
UNIX is an operating system, OS/2 is half an operating system,
Windows is a shell, and DOS is a bootsector virus.
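An added example, not code from the mail above or from FreeBSD's malloc.c, showing the contract Andre summarises in practice: malloc(0) may legally return NULL or a non-NULL pointer that must not be dereferenced, so a caller can neither use "malloc(n) == NULL" to mean "n was zero" nor touch a zero-byte allocation. It also probes which of the three behaviours (NULL, distinct pointers, or one shared sentinel as phkmalloc rev. 1.60 returned) the local allocator has. All function names (alloc_failed, xmalloc, probe_malloc0, buggy_zero_first_byte, copy_bytes_portable) and the "before" pattern are this example's own constructions, not Firefox's code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not code from the mail or from FreeBSD's malloc.c.
 * malloc(0) may legally return NULL or a unique non-NULL pointer, so
 * "malloc(n) == NULL" must never be used to mean "n was zero", and a
 * zero-byte allocation must never be dereferenced.  phkmalloc's
 * page-zero sentinel (rev. 1.60) turns the second mistake into a
 * deterministic crash instead of a silent one-byte heap overflow.
 * Every function name below is this example's own.
 */

/* 1 only when the allocation really failed: NULL for a non-zero
 * request.  NULL for a zero-byte request is a legal result, not OOM. */
static int alloc_failed(const void *p, size_t n)
{
    return p == NULL && n != 0;
}

/* Round zero up to one byte so the result is always a unique pointer
 * that may be dereferenced (within its one byte) and passed to free(),
 * whatever the platform's malloc(0) policy is.  NULL means real OOM. */
static void *xmalloc(size_t n)
{
    return malloc(n != 0 ? n : 1);
}

/* Report what this platform's malloc(0) does:
 *   0 = returns NULL
 *   1 = returns distinct non-NULL pointers (unique, as the standard allows)
 *   2 = returns the same non-NULL pointer every time (a shared sentinel,
 *       as phkmalloc did; Andre calls this "not 100% perfect") */
static int probe_malloc0(void)
{
    void *a = malloc(0);
    void *b = malloc(0);
    int kind = (a == NULL && b == NULL) ? 0 : (a != b) ? 1 : 2;
    free(a);                 /* free(NULL) is a no-op */
    if (b != a)
        free(b);             /* never free a shared sentinel twice */
    return kind;
}

/* Constructed "before" pattern of the bug class discussed in the thread:
 * NULL is read as "empty or OOM", so any non-NULL result is assumed to
 * have at least one usable byte.  For n == 0 the store below lands one
 * byte past the allocation: unnoticed on many allocators, an immediate
 * crash on phkmalloc's protected page-zero pointer.  Returns 0 after
 * writing the byte, -1 when it saw NULL. */
static int buggy_zero_first_byte(size_t n)
{
    unsigned char *p = malloc(n);
    if (p == NULL)
        return -1;
    p[0] = 0;                /* out of bounds when n == 0 */
    free(p);
    return 0;
}

/* Portable version: *failed is set only on real OOM, the buffer is only
 * touched within its n bytes, and the caller always receives a pointer
 * it may free(), even for n == 0. */
static unsigned char *copy_bytes_portable(const unsigned char *src, size_t n,
                                          int *failed)
{
    unsigned char *dst = xmalloc(n);
    *failed = (dst == NULL); /* xmalloc asked for >= 1 byte: NULL is OOM */
    if (!*failed && n > 0)
        memcpy(dst, src, n);
    return dst;
}

int main(void)
{
    static const char *kinds[] = {
        "NULL", "distinct non-NULL pointers", "one shared non-NULL sentinel"
    };
    int failed;
    unsigned char *d = copy_bytes_portable((const unsigned char *)"", 0, &failed);

    printf("malloc(0) here returns: %s\n", kinds[probe_malloc0()]);
    printf("copy of 0 bytes: %s, pointer %s\n",
           failed ? "failed" : "ok", d ? "non-NULL" : "NULL");
    free(d);
    return 0;
}
```

Run it on the system in question to see which of the three malloc(0) policies is in effect; whichever it is, copy_bytes_portable behaves the same, while buggy_zero_first_byte(0) is the one-byte overflow that phkmalloc's sentinel reports as a crash.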