[U-Boot] [PATCH] Prevent malloc with size 0

Graeme Russ graeme.russ at gmail.com
Mon Apr 2 02:25:44 CEST 2012


Hi Marek,

On Mon, Apr 2, 2012 at 10:13 AM, Marek Vasut <marek.vasut at gmail.com> wrote:
> Dear Graeme Russ,
>
>> Hi Marek,
>>
>> On Mon, Apr 2, 2012 at 9:45 AM, Marek Vasut <marek.vasut at gmail.com> wrote:
>> > Dear Graeme Russ,
>> >

>> Because you just set it off - Right now, that code is assuming malloc(0)
>> will return a valid pointer and thus not throw an E_NOMEM error - Now
>> all that code will fail with E_NOMEM
>
> Well ... that code worked with invalid memory (most probably not even R/W
> because it was some completely random hunk) and worked only by sheer
> coincidence. Let's break it, it was broken anyway.

a) The code calling malloc(0) is not broken, U-Boot's implementation of
   malloc(0) is.

b) The code calling malloc(0) is making a perfectly legitimate assumption
   based on how glibc handles malloc(0)

c) Just because glibc does something does not mean we have to

d) malloc(0) returning NULL and malloc(0) returning a valid pointer is not
   going to trouble me as I will never call malloc(0)

> Do you know about any such code? That's why I suggest adding such a debug() only
> in case there's malloc(0) called. Maybe even add a printf() instead.

Did you see the FDT example - Admitedly not in U-Boot but it's a really
good example IMHO - For the sake of code simplisity and clarity, some
processing loops are best implemented assuming malloc(0) will return
a valid pointer. Now if that pointer is de-referenced, then that is
the callers problem...


Regards,

Graeme


More information about the U-Boot mailing list