On 2024-10-18 05:30, Douglas McIlroy wrote:
> Regardless of the behavior of malloc(0), one expects this theorem to
> hold:
>
> Given that p = malloc(n) is not NULL, that 0<=m<=n, and that
> malloc(m) could in some
> circumstance return a non-null pointer, then realloc(p,m) will
> return a non-null pointer.
>
> REALLOC_ZERO_BYTES_FREES flies in the face of this rational
> expectation about dynamic storage allocation.

On Fri, Oct 18, 2024 at 11:38:22AM GMT, Paul Eggert wrote:
> Thanks, this is an important point. The basic idea is that one must always
> be able to shrink an allocation, even if the shrinkage is zero. I would
> reword the point a bit more strongly, like this:
>
> If malloc(N) successfully returns P, then realloc(P,M) must succeed if M
> <= N.
>
> A lot of code assumes this. Although ISO C doesn't require it, it remains a
> significant quality-of-implementation issue. And since glibc doesn't
> guarantee it, glibc should be fixed.

Link: <https://github.com/shadow-maint/shadow/pull/1095>
Link: <https://nabijaczleweli.xyz/content/blogn_t/017-malloc0.html>
Link: <https://inbox.sourceware.org/libc-alpha/t7low35raw7dodsie7umqbnddpm7q2eenkbv5lafesrqrisudn@zqvuq3izem6t/T/#t>
Suggested-by: Alejandro Colomar <a...@kernel.org>
Suggested-by: наб <nabijaczlew...@nabijaczleweli.xyz>
Suggested-by: Douglas McIlroy <douglas.mcil...@dartmouth.edu>
Suggested-by: Paul Eggert <egg...@cs.ucla.edu>
Cc: Siddhesh Poyarekar <siddh...@gotplt.org>
Cc: Joseph Myers <josmy...@redhat.com>
Signed-off-by: Alejandro Colomar <a...@kernel.org>
---

Hi Paul,

Here's a draft of a patch. If you need me to tweak anything just let me know. If you prefer to amend yourself, feel free to do so.

Have a lovely night!
Alex

doc/posix-functions/realloc.texi | 5 ++--- lib/realloc.c | 11 ++++++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/doc/posix-functions/realloc.texi b/doc/posix-functions/realloc.texi index 6bb61dd7e4..0e3f56b4d8 100644 --- a/doc/posix-functions/realloc.texi +++ b/doc/posix-functions/realloc.texi @@ -43,7 +43,6 @@ It fixes these portability problems: AIX 7.2. @item -On some platforms, @code{realloc (p, 0)} with non-null @code{p} -might not free @code{p}, or might clobber @code{errno}, -or might not return @code{NULL}. +On some platforms, +@code{realloc (p, 0)} is not consistent with @code{malloc (0)}. @end itemize 
diff --git a/lib/realloc.c b/lib/realloc.c index 0573139625..236643367e 100644 --- a/lib/realloc.c +++ b/lib/realloc.c @@ -31,8 +31,8 @@ #undef realloc /* Change the size of an allocated block of memory P to N bytes, - with error checking. If P is NULL, use malloc. Otherwise if N is zero, - free P and return NULL. */ + with error checking. If P is NULL, use malloc. + If N is zero, avoid calling libc realloc, which misbehaves. */ void * rpl_realloc (void *p, size_t n) @@ -42,8 +42,13 @@ rpl_realloc (void *p, size_t n) if (n == 0) { + void *q = malloc (0); + + if (q == NULL) + return NULL; + free (p); - return NULL; + return q; } if (xalloc_oversized (n, 1)) -- 2.45.2
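Review bot: In the doc/posix-functions/realloc.texi hunk, the replacement sentence "is not consistent with @code{malloc (0)}" does not say which behaviour the module now guarantees, so a reader cannot tell whether @code{realloc (p, 0)} frees @code{p} or what it returns. The removed text named three concrete problems (not freeing, clobbering errno, not returning NULL), and the errno case is dropped without any matching change in the lib/realloc.c hunks. Suggest stating the new contract explicitly, for example that with non-null @code{p} the call frees @code{p} and returns what @code{malloc (0)} returns, and leaves @code{p} untouched if that allocation fails.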
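Review bot: In the lib/realloc.c hunk at @@ -31,8 +31,8 @@, the new comment line "If N is zero, avoid calling libc realloc, which misbehaves." no longer documents what rpl_realloc returns for N == 0, and "misbehaves" does not say how. The old comment stated the contract ("free P and return NULL"), and callers auditing ownership of P need the same precision for the new behaviour. Suggest wording along the lines of: if N is zero, return the result of malloc (0) and free P on success, or return NULL and leave P allocated on failure.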
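Review bot: In the lib/realloc.c hunk at @@ -42,8 +42,13 @@, the added `if (q == NULL) return NULL;` treats a null result from malloc (0) as an allocation failure, but ISO C allows malloc (0) to return a null pointer without any error. On such a platform rpl_realloc (p, 0) would return NULL every time and never reach `free (p);`, so a caller that drops P after a zero-size realloc leaks it, and the property quoted in the commit message ("realloc(P,M) must succeed if M <= N") does not hold. Suggest either documenting here that this code depends on a malloc that returns non-null for size zero, or requesting a non-zero size (such as malloc (1)) so that a null q always means a real failure.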