LibC: fix realloc in case of allocation failure #3108
Conversation
|
Note that malloc() does not fail; it will crash if unable to allocate. |
|
currently malloc_impl can return null , see commit 4291e96 |
Libraries/LibC/stdlib.h
Outdated
| void* realloc(void* ptr, size_t); | ||
| __attribute__((malloc)) __attribute__((alloc_size(2))) void* realloc(void* ptr, size_t); |
There was a problem hiding this comment.
This doesn't seem right. From GCC documentation:
This tells the compiler that a function is malloc-like, i.e., that the pointer P returned by the function cannot alias any other pointer valid when the function returns, and moreover no pointers to valid objects occur in any storage addressed by P.
Using this attribute can improve optimization. Compiler predicts that a function with the attribute returns non-null in most cases. Functions like malloc and calloc have this property because they return a pointer to uninitialized or zeroed-out storage. However, functions like realloc do not have this property, as they can return a pointer to storage containing pointers.
There was a problem hiding this comment.
👍 I missed that the definition of the malloc attributes was changed in recent gcc version
Up to gcc version 4.64 it was applicable.
https://gcc.gnu.org/onlinedocs/gcc-4.6.4/gcc/Function-Attributes.html
There was a problem hiding this comment.
@awesomekling why is it so mem allocation will crash the app? isn't it more appropriate to let the application decide how to proceed?
if malloc/calloc/realloc will never fail, then may we should mark them as returns_nonnull
There was a problem hiding this comment.
The majority of the system (both apps and libraries) is designed around many small heap-allocated objects. It would be massively obnoxious to have to null-check allocation everywhere. It's also far from obvious what to do in each case where an allocation might fail.
The thing that tends to matter in practice is large allocations and those generally go through mmap which can fail (if we run out of virtual address space, for example.)
If the space cannot be allocated, the original memory block shall remain unchanged and the function should return null LibC: fix realloc in case of reuested size== 0 make realloc function ISO C compliant LibC: add missing attributes to realloc LibCore: calloc: check for null before memset LibC: mark realloc with alloc_size attribute
tryfinally
force-pushed
the
dev-libC-realloc-fix
branch
from
d551fd8
to
4385073
Compare
If the space cannot be allocated, the original memory block shall remain unchanged and the function should return nullptr. Also add a function attribute and some null checks.
If the space cannot be allocated, the original memory block shall remain
unchanged and the function should return null