From owner-freebsd-current@FreeBSD.ORG  Thu Dec  2 10:44:26 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3F5F516A4CE
	for <current@FreeBSD.org>; Thu,  2 Dec 2004 10:44:26 +0000 (GMT)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 35B2643D2D
	for <current@FreeBSD.org>; Thu,  2 Dec 2004 10:44:25 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: (qmail 25878 invoked from network); 2 Dec 2004 10:35:28 -0000
Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47])
          (envelope-sender <andre@freebsd.org>)
          by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
          for <>; 2 Dec 2004 10:35:28 -0000
Message-ID: <41AEF204.2070402@freebsd.org>
Date: Thu, 02 Dec 2004 11:44:20 +0100
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.8a5) Gecko/20041122
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ""
References: <y7vfz2qpltw.wl@ocean.jinmei.org>
	<MDEHLPKNGKAHNMBLJOLKMEAKADAB.davids@webmaster.com>
	<y7v1xe9p87u.wl@ocean.jinmei.org>
In-Reply-To: <y7v1xe9p87u.wl@ocean.jinmei.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
cc: current@FreeBSD.org
Subject: Re: malloc(0) returns an invalid address
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2004 10:44:26 -0000

JINMEI Tatuya / 神明達哉 wrote:
>>>>>>On Wed, 1 Dec 2004 07:49:54 -0800, 
>>>>>>"David Schwartz" <davids@webmaster.com> said:
> 
>>>% ./a.out
>>>address of p is 0x800
>>>zsh: 645 segmentation fault (core dumped)  ./a.out
> 
>>	This should fault. Although the return value of 'malloc(0)' is a valid
>>pointer, once you cast it to a 'char *', you cannot dereference it because
>>it does not point to a character. This same problem would occur with
>>'malloc(1)' and 'int *'.
> 
> I expected the answer:-)  This is probably a matter of the definition
> of "validness", and I won't argue about this point.  (and, of course,
> it cannot be justified to dereference a zero-length pointer, whether
> the result is segfault or not)
> 
> BTW: the "same problem" (of segfault) does actually NOT occur with
> malloc(1) and int * on FreeBSD 5.3 (i386).  I suspect malloc(3) takes
> a special action with the size of zero.

man malloc(3) and look for options 'V' and 'X'.

>>>So, if we wanted to call 0x800 "a valid pointer just with
>>>not-enough-size", it would be fine.  But then we need to implement the
>>>same logic in the kernel to provide consistent behavior.  (I would
>>>"fix" the malloc behavior though).
> 
>>	The malloc behavior is not broken, so it cannot be fixed. The kernel check
>>semantics in 'useracc' are wrong for zero lengths.
> 
> Okay, I'll be happy as long as the library and the kernel provide the
> consistent behavior on which pointer is "valid".

-- 
Andre