From: Peter Stephenson <p.w.stephenson@ntlworld.com>
To: zsh-workers@sunsite.dk (Zsh hackers list)
Subject: PATCH: and query for malloc(0).
Date: Fri, 27 Apr 2007 22:35:14 +0100 [thread overview]
Message-ID: <200704272135.l3RLZE1d005051@pwslaptop.csr.com> (raw)
Playing with POSIX regexes, I found some errors coming from zsh's memory
allocation with debugging on. These turned out to resolve to some
malloc()s and free()s for zero length and the following oddity in
malloc():
/* some systems want malloc to return the highest valid address plus one
if it is called with an argument of zero */
if (!size)
return (MALLOC_RET_T) m_high;
Wuh...err...wuh...err...? As I've commented in the patch below,
TODO: really? Suppose we allocate more memory, so
that this is now in bounds, then a more rational application
that thinks it can free() anything it malloc'ed, even
of zero length, calls free for it? Aren't we in big
trouble? Wouldn't it be safer just to allocate some
memory anyway?
Actually, what was causing the immediate problem was a free() on
the address when it *was* still m_high, which was (correctly) being
flagged as an error by memory debugging (valgrind agreed something
was rotten). But actually I think that's a side effect of the odd
code above.
This code already seemed to be ancient at the first mention of mem.c in
the mailing list archive in 1995. If anyone knows anything, please
speak. Otherwise I will commit the following patch. valgrind and
the shell's own routines are much happier with it.
Index: Src/mem.c
===================================================================
RCS file: /cvsroot/zsh/zsh/Src/mem.c,v
retrieving revision 1.14
diff -u -r1.14 mem.c
--- Src/mem.c 30 May 2006 22:35:03 -0000 1.14
+++ Src/mem.c 27 Apr 2007 21:24:56 -0000
@@ -830,10 +830,26 @@
#endif
/* some systems want malloc to return the highest valid address plus one
- if it is called with an argument of zero */
+ if it is called with an argument of zero.
+
+ TODO: really? Suppose we allocate more memory, so
+ that this is now in bounds, then a more rational application
+ that thinks it can free() anything it malloc'ed, even
+ of zero length, calls free for it? Aren't we in big
+ trouble? Wouldn't it be safer just to allocate some
+ memory anyway?
+
+ If the above comment is really correct, then at least
+ we need to check in free() if we're freeing memory
+ at m_high.
+ */
if (!size)
+#if 1
+ size = 1;
+#else
return (MALLOC_RET_T) m_high;
+#endif
queue_signals(); /* just queue signals rather than handling them */
--
Peter Stephenson <p.w.stephenson@ntlworld.com>
Web page now at http://homepage.ntlworld.com/p.w.stephenson/
next reply other threads:[~2007-04-27 21:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-27 21:35 Peter Stephenson [this message]
2007-04-30 3:29 ` Geoff Wing
2007-04-30 9:22 ` Peter Stephenson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200704272135.l3RLZE1d005051@pwslaptop.csr.com \
--to=p.w.stephenson@ntlworld.com \
--cc=zsh-workers@sunsite.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).