>>>>> On Wed, 1 Dec 2004 07:49:54 -0800,
>>>>> "David Schwartz" <davids_at_webmaster.com> said:

>> % ./a.out
>> address of p is 0x800
>> zsh: 645 segmentation fault (core dumped) ./a.out

> This should fault. Although the return value of 'malloc(0)' is a valid
> pointer, once you cast it to a 'char *', you cannot dereference it because
> it does not point to a character. This same problem would occur with
> 'malloc(1)' and 'int *'.

I expected the answer :-)

This is probably a matter of the definition of "validness", and I won't
argue about this point. (And, of course, it cannot be justified to
dereference a zero-length pointer, whether the result is a segfault or not.)

BTW: the "same problem" (of segfault) does actually NOT occur with
malloc(1) and int * on FreeBSD 5.3 (i386). I suspect malloc(3) takes a
special action with the size of zero.

>> So, if we wanted to call 0x800 "a valid pointer just with
>> not-enough-size", it would be fine. But then we need to implement the
>> same logic in the kernel to provide consistent behavior. (I would
>> "fix" the malloc behavior though).

> The malloc behavior is not broken, so it cannot be fixed. The kernel check
> semantics in 'useracc' are wrong for zero lengths.

Okay, I'll be happy as long as the library and the kernel provide
consistent behavior on which pointer is "valid".

Thanks,

JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei_at_isl.rdc.toshiba.co.jp

p.s. Is it better for me to file a separate bug report on this?

Received on Thu Dec 02 2004 - 04:41:51 UTC
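The disagreement above is about what a range check should say when the length is zero: David's position is that a zero-length range is acceptable regardless of the base address, while the malloc(0) sentinel seen in the thread (0x800, an address in an unmapped low page) is rejected by a check that validates the base first. The following C program is an added example, not code from the thread or from FreeBSD. It models both policies side by side in userland so the difference is visible, using hypothetical user address-space bounds (USER_LO and USER_HI are assumptions for the example, not FreeBSD's real VM_MINUSER_ADDRESS/VM_MAXUSER_ADDRESS), writes the non-empty case so that addr + len cannot wrap around, and shows the portable userland workaround: never request zero bytes from malloc in the first place.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical user address-space bounds, assumed for this example only
 * (not FreeBSD's real VM_MINUSER_ADDRESS / VM_MAXUSER_ADDRESS).
 */
#define USER_LO  ((uintptr_t)0x1000)       /* first valid user address */
#define USER_HI  ((uintptr_t)0xC0000000)   /* one past the last valid one */

/* Does the non-empty range [addr, addr+len) fit inside user space?
 * Comparing len against the remaining space avoids computing addr + len,
 * so a huge len cannot wrap around and pass the check. */
static bool nonempty_range_ok(uintptr_t addr, size_t len)
{
    if (addr < USER_LO || addr >= USER_HI)
        return false;
    return len <= USER_HI - addr;
}

/* Policy A: a zero-length range is acceptable anywhere, since no byte is
 * ever touched. This is the useracc() semantics David argues for. */
bool range_ok_lenient(uintptr_t addr, size_t len)
{
    if (len == 0)
        return true;
    return nonempty_range_ok(addr, len);
}

/* Policy B: the base address must be a valid user address even when len is
 * zero. Under this policy a malloc(0) sentinel living in an unmapped low
 * page (like the 0x800 in the thread) is rejected. */
bool range_ok_strict(uintptr_t addr, size_t len)
{
    if (addr < USER_LO || addr >= USER_HI)
        return false;
    return len == 0 || nonempty_range_ok(addr, len);
}

/* Userland side: malloc(0) may return NULL or a unique pointer that must not
 * be dereferenced, and which pointer counts as "valid" is up to the
 * implementation. Rounding a zero request up to one byte sidesteps the
 * question: the result is always a real, writable allocation. */
void *xmalloc(size_t n)
{
    void *p = malloc(n == 0 ? 1 : n);
    if (p == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }
    return p;
}

int main(void)
{
    const uintptr_t sentinel = 0x800;     /* the address from the thread */

    printf("lenient(0x800, 0) = %d\n", range_ok_lenient(sentinel, 0));
    printf("strict (0x800, 0) = %d\n", range_ok_strict(sentinel, 0));
    printf("lenient(0x800, 1) = %d\n", range_ok_lenient(sentinel, 1));
    printf("lenient(0x2000, SIZE_MAX) = %d\n",
           range_ok_lenient((uintptr_t)0x2000, SIZE_MAX));

    char *p = xmalloc(0);
    p[0] = 'x';          /* fine: xmalloc guarantees at least one byte */
    free(p);
    return 0;
}
```

Whichever policy a kernel picks, the point Jinmei makes still holds: the allocator and the kernel check must agree on it, otherwise a pointer the library hands out as a legal zero-length object is refused by the system call that receives it.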
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:23 UTC