Opened 4 years ago

Closed 3 years ago

#111 closed defect (fixed)

libc: zero size allocations are handled improperly

Reported by: Lukáš Zaoral Owned by: Henrich Lauko
Priority: major Milestone: 4.4
Component: DiOS Keywords:
Cc: kdudka@…, lzaoral@…

Description

Hi,
whenever a zero size allocation occurs, DiOS' implementation of {m,c,re}alloc sets errno to ENOMEM, which is a correct behaviour (at least according to POSIX.1-2017). However, just returning NULL in such a case is not desirable, because Divine would never find the following errors:

1.

#include <stdlib.h>

int main(void)
{
    char *ptr = malloc(0);
    if (ptr == NULL)
        return EXIT_SUCCESS;

    (void) *ptr; /* error */
    free(ptr);
}

2.

#include <stdlib.h>

int main(void)
{
    char *ptr = malloc(0);
    if (ptr == NULL)
        return EXIT_SUCCESS;

    /* possible leak */
}
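
Added example (not from the reporter or the DiOS sources): the two snippets above only go wrong because the caller treats a NULL result as "nothing to do" and a non-NULL one as readable memory. The wrapper and caller below are hypothetical helpers that handle both allocator strategies (NULL or a unique pointer for size 0) without dereferencing a zero-size block and without leaking it, so they behave the same regardless of which one DiOS picks.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Removes the implementation-defined malloc(0) case by rounding a
 * zero-byte request up to one byte: a NULL result then always means a
 * genuine failure, never "the size was 0". Hypothetical helper. */
void *xmalloc(size_t size)
{
    return malloc(size ? size : 1);
}

/* Distinguishes the two meanings of a NULL result from plain malloc(size):
 * returns 1 only for a real out-of-memory failure. Hypothetical helper. */
int alloc_failed(const void *ptr, size_t size)
{
    return ptr == NULL && size != 0;
}

/* Portable caller: it neither reads from a zero-size block nor leaks it,
 * whichever pointer the allocator returned for len == 0.
 * Returns the number of bytes copied, or -1 on allocation failure. */
long copy_bytes(const unsigned char *src, size_t len)
{
    unsigned char *buf = malloc(len);
    if (alloc_failed(buf, len))
        return -1;
    if (len > 0)            /* only touch memory when there is some */
        memcpy(buf, src, len);
    free(buf);              /* free() accepts NULL and zero-size blocks */
    return (long)len;
}
```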

Change History (3)

comment:1 Changed 4 years ago by Henrich Lauko

Owner: set to Henrich Lauko
Status: new → assigned

comment:2 Changed 4 years ago by Henrich Lauko

Status: assigned → accepted

comment:3 Changed 3 years ago by mornfall

Resolution: fixed
Status: accepted → closed

The invalid dereference variant is fixed in next. I don't think the leak check is very important, but if you feel otherwise, please open a separate ticket.
