[U-Boot] [PATCH] Prevent malloc with size 0
Scott Wood
scottwood at freescale.com
Fri Oct 22 19:36:33 CEST 2010
On Fri, 22 Oct 2010 03:55:49 -0400
Mike Frysinger <vapier at gentoo.org> wrote:
> On Friday, October 22, 2010 03:37:43 Joakim Tjernlund wrote:
> > Mike Frysinger wrote on 2010/10/22 09:20:22:
> > > On Friday, October 22, 2010 02:10:16 Joakim Tjernlund wrote:
> > > > does not set errno which screws error handling. One has to bend over
> > > > just to cope with this.
> > >
> > > that depends on your implementation. in u-boot, there really is no
> > > "errno"
> >
> > Yes, and that is even worse. How do you tell if you are out of
> > memory or not? Checking size == 0 after the fact? Then you could do that
> > before calling malloc in the first place.
>
> i still don't see any real world (or even theoretical) need for malloc(0). so
> the issue of error checking is irrelevant until you can come up with one.

Here's a (non-U-Boot) example from some code that unflattens a device
tree into a live tree representation:

	prop->len = fdt32_to_cpu(fdtprop->len);
	fdtprop = fdt_offset_ptr(fdt, offset, sizeof(*fdtprop) + prop->len);
	if (!fdtprop) {
		ret = -FDT_ERR_TRUNCATED;
		goto err;
	}

	prop->data = malloc(prop->len);
	if (!prop->data)
		goto nomem;

You couldn't do this in portable code, since malloc(0) is allowed to return
NULL, and it wouldn't be hard to work around it by checking prop->len for
zero. But it is a use case where malloc(0) returning non-NULL is
convenient.

I don't think Joakim's suggestion of a single "impossible_ptr" is compliant,
though -- it's supposed to be either NULL or a *unique* pointer.

-Scott
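
Added example, not part of the original message or of U-Boot: the workaround mentioned above (checking the length for zero before allocating) shown beside the posted NULL check, run against two constructed allocators, one for each zero-size behaviour C permits. `struct prop`, `alloc_fn` and all function names here are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the live-tree property in the message. */
struct prop { size_t len; void *data; };
typedef void *(*alloc_fn)(size_t);

/* Constructed allocator: a zero-size request returns NULL, which C permits. */
static void *alloc_null_on_zero(size_t n) { return n ? malloc(n) : NULL; }

/* Constructed allocator: a zero-size request returns a unique, freeable pointer. */
static void *alloc_unique_on_zero(size_t n) { return malloc(n ? n : 1); }

/* The check as posted: a NULL result is always reported as out of memory. */
static int prop_copy_naive(struct prop *p, const void *src, size_t len, alloc_fn alloc)
{
    p->len = len;
    p->data = alloc(len);
    if (!p->data)
        return -ENOMEM;
    memcpy(p->data, src, len);
    return 0;
}

/* Portable variant: an empty property never reaches the allocator. */
static int prop_copy_portable(struct prop *p, const void *src, size_t len, alloc_fn alloc)
{
    p->len = len;
    p->data = NULL;
    if (len == 0)
        return 0;           /* empty property: data stays NULL, free(NULL) is safe */
    p->data = alloc(len);
    if (!p->data)
        return -ENOMEM;     /* here NULL can only mean allocation failure */
    memcpy(p->data, src, len);
    return 0;
}

int main(void)
{
    struct prop p;
    printf("naive, NULL-on-zero: %d\n", prop_copy_naive(&p, "", 0, alloc_null_on_zero));
    printf("portable, NULL-on-zero: %d\n", prop_copy_portable(&p, "", 0, alloc_null_on_zero));
    printf("portable, unique-on-zero: %d\n", prop_copy_portable(&p, "", 0, alloc_unique_on_zero));
    return 0;
}
```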