From owner-freebsd-current@FreeBSD.ORG Thu Dec 2 05:41:51 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C50AF16A4CE for ; Thu, 2 Dec 2004 05:41:51 +0000 (GMT) Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FDFC43D66 for ; Thu, 2 Dec 2004 05:41:51 +0000 (GMT) (envelope-from jinmei@isl.rdc.toshiba.co.jp) Received: from ocean.jinmei.org (unknown [2001:200:0:8002:200:39ff:fed7:e2e4]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 57D241521D; Thu, 2 Dec 2004 14:41:49 +0900 (JST) Date: Thu, 02 Dec 2004 14:41:57 +0900 Message-ID: From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= To: davids@webmaster.com In-Reply-To: References: User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI) Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan. MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII cc: current@FreeBSD.org Subject: Re: malloc(0) returns an invalid address X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Dec 2004 05:41:51 -0000 >>>>> On Wed, 1 Dec 2004 07:49:54 -0800, >>>>> "David Schwartz" said: >> % ./a.out >> address of p is 0x800 >> zsh: 645 segmentation fault (core dumped) ./a.out > This should fault. Although the return value of 'malloc(0)' is a valid > pointer, once you cast it to a 'char *', you cannot dereference it because > it does not point to a character. This same problem would occur with > 'malloc(1)' and 'int *'. I expected the answer:-) This is probably a matter of the definition of "validness", and I won't argue about this point. (and, of course, it cannot be justified to dereference a zero-length pointer, whether the result is segfault or not) BTW: the "same problem" (of segfault) does actually NOT occur with malloc(1) and int * on FreeBSD 5.3 (i386). I suspect malloc(3) takes a special action with the size of zero. >> So, if we wanted to call 0x800 "a valid pointer just with >> not-enough-size", it would be fine. But then we need to implement the >> same logic in the kernel to provide consistent behavior. (I would >> "fix" the malloc behavior though). > The malloc behavior is not broken, so it cannot be fixed. The kernel check > semantics in 'useracc' are wrong for zero lengths. Okay, I'll be happy as long as the library and the kernel provide the consistent behavior on which pointer is "valid". Thanks, JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp p.s. is it better for me to file a separate bug report on this?