[U-Boot] [PATCH] Prevent malloc with size 0

Graeme Russ graeme.russ at gmail.com
Mon Apr 2 05:05:51 CEST 2012


Hi Marek,

On Mon, Apr 2, 2012 at 12:51 PM, Marek Vasut <marek.vasut at gmail.com> wrote:
> Dear Graeme Russ,
>
>> Hi Marek,

>> Bottom line is, we could do either and we would be 100% compliant with the
>> C standard
>>
>> The question is, what would be more onerous. Since the majority of U-Boot
>> developers will be more familiar with the glibc implementation, we may
>> one day end up with code that blindly assumes malloc(0) returns a valid
>> pointer and not NULL so to me, returning a valid pointer would be a logical
>> choice.
>>
>> On the converse, returning NULL from malloc(0) means that any attempt to
>> (illegally) deference it will be immediately obvious...
>
> So it's a question of being fool-proof vs. being compatible with glibc. This is
> a tough one, so what about voting ? ;-)
>

#define CONFIG_SYS_GLIBC_MALLOC_COMPAT

Kidding

Consider:

void some_function_a(void)
{
        uchar *blah;
        blah = malloc(1);

        if(blah)
                blah[1] = 'x';
        else
                printf("E_NOMEM\n");
}

void some_function_b(void)
{
        uchar *blah;
        blah = malloc(0);

        if(blah)
                blah[0] = 'x';
        else
                printf("E_NOMEM\n");
}

Both will corrupt data if malloc(0) returns a valid pointer. But:

void some_function_b(int i)
{
        uchar *blah;
        blah = malloc(i);

        if(blah)
                blah[i] = 'x';
        else
                printf("E_NOMEM\n");
}

Will return E_NOMEM if i == 0 and corrupt data is i > 0

It's inconsistent.

I originally thought returning NULL was the most appropriate option, but
seeing the FDT example and thinking how malloc(0) returning a valid pointer
has the potential to simplify (and hence make smaller and faster) code in
some circumstances.

My vote is for glibc compatibility

Regards,

Graeme


More information about the U-Boot mailing list