From: Luigi Rizzo
To: stable@freebsd.org
Date: Mon, 11 Dec 2006 09:44:23 -0800
Subject: malloc(0) returns 0x800 on FreeBSD 6.2 ?
Message-ID: <20061211094423.B44819@xorpc.icir.org>

I was debugging a program on FreeBSD 6, and much to my surprise, I
noticed that malloc(0) returns 0x800, as shown by this program:

    > more a.c
    #include <stdio.h>
    #include <stdlib.h>

    int main(int argc, char *argv[])
    {
        char *p = malloc(0);
        printf(" malloc 0 returns %p\n", p);
        return 0;
    }
    > cc -o a a.c
    > ./a
    malloc 0 returns 0x800

If you look at the source this is indeed clear - internally the 0x800
is ZEROSIZEPTR and is set when a zero length is passed to malloc()
unless you have malloc_sysv set.
The thing is, I don't know if this behaviour is intentional or not, but
it certainly is not documented -- the manpage documents something totally
different (in the section for the 'V' MALLOC_OPTION, see below).

    TUNING
         ...
         V       Attempting to allocate zero bytes will return a NULL pointer
                 instead of a valid pointer.  (The default behavior is to make
                 a minimal allocation and return a pointer to it.)  This option
                 is provided for System V compatibility.  This option is
                 incompatible with the ``X'' option.

So what should we do with this ? Just fix the manpage or fix the code ?
This behaviour is likely to break quite a few things...

        cheers
        luigi
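
Added example, not part of the original message and not FreeBSD code: a probe that classifies what malloc(0) does on the running libc (NULL, one shared sentinel address as in the 0x800 report above, or a distinct pointer per call), with a wrapper that removes the ambiguity for callers. The names probe_malloc0, alloc_nonzero and alloc_failed are hypothetical.

```c
/* Added example: probe and normalise zero-size allocations. */
#include <stdio.h>
#include <stdlib.h>

/* Possible outcomes of malloc(0): NULL, one shared sentinel address
 * (the 0x800 case reported in the post), or a distinct pointer per call. */
enum zero_alloc { ZA_NULL, ZA_SHARED, ZA_UNIQUE };

/* Classify this libc by comparing two live zero-size allocations. */
enum zero_alloc probe_malloc0(void)
{
    /* Call through a volatile pointer so the compiler cannot assume
     * the two results differ and fold the comparison away. */
    void *(*volatile alloc)(size_t) = malloc;
    void *a = alloc(0);
    void *b = alloc(0);
    enum zero_alloc r;

    if (a == NULL || b == NULL)
        r = ZA_NULL;
    else if (a == b)
        r = ZA_SHARED;
    else
        r = ZA_UNIQUE;
    free(a);
    free(b);
    return r;
}

/* Hypothetical wrapper: never hands 0 to malloc, so NULL always means
 * failure and every result is a distinct, freeable, 1-byte-valid block. */
void *alloc_nonzero(size_t n)
{
    return malloc(n ? n : 1);
}

/* Portable failure test for a plain malloc(n) result: a NULL return
 * with n == 0 is permitted behaviour, not an out-of-memory condition. */
int alloc_failed(const void *p, size_t n)
{
    return p == NULL && n != 0;
}

int main(void)
{
    static const char *const name[] = { "NULL", "shared sentinel", "unique pointer" };
    printf("malloc(0) on this libc: %s\n", name[probe_malloc0()]);
    return 0;
}
```

Code that uses pointer identity to tell allocations apart, or that reads or writes even one byte through a zero-size result, behaves differently across the three outcomes; routing zero-size requests through a wrapper like alloc_nonzero avoids depending on any of them.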