Opened 6 years ago
Closed 5 years ago
#111 closed defect (fixed)
libc: zero size allocations are handled improperly
| Reported by: | Lukáš Zaoral | Owned by: | Henrich Lauko |
|---|---|---|---|
| Priority: | major | Milestone: | 4.4 |
| Component: | DiOS | Keywords: | |
| Cc: | kdudka@…, lzaoral@… |
Description
Hi,
whenever a zero size allocation occurs, DiOS' implementation of {m,c,re}alloc sets errno to ENOMEM, which is a correct behaviour (at least according to POSIX.1-2017). However, just returning NULL in such a case is not desirable, because Divine would never find the following errors:
1.
```c
#include <stdlib.h>

int main(void)
{
    char *ptr = malloc(0);
    if (ptr == NULL)
        return EXIT_SUCCESS;

    (void) *ptr; /* error */
    free(ptr);
}
```
2.
```c
#include <stdlib.h>

int main(void)
{
    char *ptr = malloc(0);
    if (ptr == NULL)
        return EXIT_SUCCESS;

    /* possible leak */
}
```
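The effect described in the ticket can be reproduced with a small tracking allocator. This is an added example, not part of the ticket and not DiOS or DIVINE code; the names `t_malloc`, `t_free`, `t_read_ok` and the two policy constants are hypothetical. It runs both programs from the description under each zero-size policy and reports whether the bad read and the leak become visible.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model (not DiOS code): tracking allocator, switchable zero-size policy. */
enum zero_policy { ZERO_RETURNS_NULL, ZERO_RETURNS_OBJECT };
static struct block { void *ptr; size_t size; int live; } blocks[16];
static int nblocks, nlive;
static void t_reset(void) {
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].live) free(blocks[i].ptr);
    nblocks = nlive = 0;
}
static void *t_malloc(size_t size, enum zero_policy policy) {
    if ((size == 0 && policy == ZERO_RETURNS_NULL) || nblocks == 16) return NULL;
    void *p = malloc(size ? size : 1); /* unique address; tracked size stays 0 */
    if (p) { blocks[nblocks++] = (struct block){ p, size, 1 }; nlive++; }
    return p;
}
static void t_free(void *p) {
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].live && blocks[i].ptr == p) { blocks[i].live = 0; nlive--; free(p); return; }
}
/* Nonzero if reading the byte at p[off] stays inside a live tracked block. */
static int t_read_ok(const void *p, size_t off) {
    for (int i = 0; i < nblocks; i++)
        if (blocks[i].live && blocks[i].ptr == p) return off < blocks[i].size;
    return 0;
}
/* Ticket program 1: does the checker get to flag the read through ptr? */
int case1_flags_bad_read(enum zero_policy policy) {
    t_reset();
    char *ptr = t_malloc(0, policy);
    if (ptr == NULL) return 0;        /* early exit: the read is never reached */
    int flagged = !t_read_ok(ptr, 0); /* stands in for (void) *ptr */
    t_free(ptr);
    return flagged;
}
/* Ticket program 2: is an unfreed block still tracked when the program ends? */
int case2_flags_leak(enum zero_policy policy) {
    t_reset();
    char *ptr = t_malloc(0, policy);
    return ptr != NULL && nlive > 0;
}
int main(void) {
    for (int p = ZERO_RETURNS_NULL; p <= ZERO_RETURNS_OBJECT; p++)
        printf("policy %d: bad read flagged=%d, leak flagged=%d\n", p,
               case1_flags_bad_read(p), case2_flags_leak(p));
}
```

Under `ZERO_RETURNS_NULL` both programs take the early return and nothing is flagged; under `ZERO_RETURNS_OBJECT` the zero-length block is tracked, so the read at offset 0 is out of bounds and the unfreed block is counted.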
Change History (3)
comment:1 Changed 6 years ago by
| Owner: | set to Henrich Lauko |
|---|---|
| Status: | new → assigned |
comment:2 Changed 6 years ago by
| Status: | assigned → accepted |
|---|
comment:3 Changed 5 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
The invalid dereference variant is fixed in next. I don't think the leak check is very important, but if you feel otherwise, please open a separate ticket.