Date: Mon, 11 Dec 2006 12:25:44 -0600
From: Dan Nelson <dnelson@allantgroup.com>
To: Luigi Rizzo <rizzo@icir.org>
Cc: stable@freebsd.org
Subject: Re: malloc(0) returns 0x800 on FreeBSD 6.2 ?
Message-ID: <20061211182544.GG69299@dan.emsphone.com>
In-Reply-To: <20061211094423.B44819@xorpc.icir.org>
References: <20061211094423.B44819@xorpc.icir.org>
In the last episode (Dec 11), Luigi Rizzo said:
> i was debugging a program on FreeBSD 6, and much to my surprise, i
> noticed that malloc(0) returns 0x800, as shown by this program:
>
> > more a.c
> #include <stdio.h>
> #include <stdlib.h>   /* declares malloc(); without it cc falls back to an implicit int declaration */
> int main(int argc, char *argv[])
> {
>         char *p = malloc(0);
>         printf(" malloc 0 returns %p\n", p);
>         return 0;
> }
> > cc -o a a.c
> > ./a
> malloc 0 returns 0x800
>
> if you look at the source this is indeed clear - internally the 0x800
> is ZEROSIZEPTR and is set when a zero length is passed to malloc()
> unless you have malloc_sysv set.

Right, it passed you a pointer to which you may write 0 bytes; exactly
what the program asked for :)

The FreeBSD 6.x behaviour is slightly against POSIX rules that state all
successful malloc calls must return unique pointers, so the 7.x malloc
silently rounds zero-size mallocs to 1.  Ideally malloc would return
unique pointers to blocks of memory set to MPROT_NONE via mprotect() (you
could fit 8192 of these pointers in an 8k page), to prevent applications
from using that byte of memory.

-- 
	Dan Nelson
	dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061211182544.GG69299>