[U-Boot] [PATCH] Prevent malloc with size 0

Graeme Russ graeme.russ at gmail.com
Mon Apr 2 00:40:05 CEST 2012 

Hi All

Here we go again ;)

On Mon, Apr 2, 2012 at 12:21 AM, Marek Vasut <marek.vasut at gmail.com> wrote:
> Dear Joakim Tjernlund,
>
>> Marek Vasut <marek.vasut at gmail.com> wrote on 2012/04/01 16:01:56:
>> > Dear Joakim Tjernlund,
>> >
>> > > > Dear Mike Frysinger,
>> > > >
>> > > > > On Thursday, October 21, 2010 17:10:31 Graeme Russ wrote:
>> > > > > > On 22/10/10 06:51, Mike Frysinger wrote:
>> > > > > > > have u-boot return an error.
>> > > > > >
>> > > > > > Is NULL what you consider to be an error
>> > > > >
>> > > > > yes
>> > > > >
>> > > > > > Besides, is not free(NULL) valid (does nothing) as well?
>> > > > >
>> > > > > yes, free(NULL) should work fine per POSIX
>> > > > > -mike
>> > > >
>> > > > Well then, this patch wasn't accepted yet and I consider it OK to
>> > > > apply. Any objections?
>> > >
>> > > There was a long debate on the list regarding this where I argued that
>> > > malloc(0) should not be an error and malloc should return a ptr != NULL
>> > > I guess that is why it hasn't been applied.
>> > >
>> > >  Jocke
>> >
>> > Ok, let's restart. Is there any objection why malloc(0) should not return
>> > NULL in uboot?
>>
>> Yes, read the thread to see why.
>
> Well I did, that's why I have no objections to applying this patch
>
>> > Is it coliding with any spec?
>>
>> No, both are valid.
>>

<quote author="Reinhard Meyer">
Out of principle I would say that malloc(0) should return a non-NULL
pointer of an area where exactly 0 bytes may be used. And, of course,
free() of that area shall not fail or crash the system.
</quote>

I'm wondering how exactly this would work - In theory, if you tried to
access this pointer you should get a segv. But I suppose if you malloc(1)
and try to access beyond the first byte there probably won't be a segv
either....

So to review the facts:

- The original complaint was that malloc(0) corrupts the malloc data
  structures, not that U-Boot's malloc(0) behaviour is non-standard
- Both the malloc(0) returns NULL and malloc(0) returns a uniquely
  free'able block of memory solutions are standard compliant
- malloc(0) returning NULL may break code which, for the sake of code
  simplicity, does not bother to check for zero-size before calling
  malloc()
- malloc(0) returning NULL may help to identify brain-dead use-cases

My vote:

        if ((long)bytes == 0) {
                DEBUG("Warning: malloc of zero block size\n");
                bytes = 1;
        } else if ((long)bytes < 0) {
                DEBUG("Error: malloc of negative block size\n");
                return 0;
        }

Regards,

Graeme

More information about the U-Boot mailing list