Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make malloc(0) and posix_memalign(0) return a non-null pointer #3576

Closed
RalfJung opened this issue May 6, 2024 · 8 comments · Fixed by #3600
Closed

Make malloc(0) and posix_memalign(0) return a non-null pointer #3576

RalfJung opened this issue May 6, 2024 · 8 comments · Fixed by #3600
Labels
A-shims Area: This affects the external function shims C-enhancement Category: a PR with an enhancement or an issue tracking an accepted enhancement E-good-first-issue A good way to start contributing, mentoring is available

Comments

@RalfJung
Copy link
Member

RalfJung commented May 6, 2024

Currently we just return a null pointer, but we're also allowed to return a unique non-zero address. That would have the benefit that we can detect leaks (not calling free) or double-free.
@RalfJung RalfJung added C-enhancement Category: a PR with an enhancement or an issue tracking an accepted enhancement A-shims Area: This affects the external function shims E-good-first-issue A good way to start contributing, mentoring is available labels May 6, 2024
@tiif
Copy link
Contributor

tiif commented May 6, 2024
edited
Loading

This is interesting. I've had this question on my mind for quite a while, how will malloc(0) cause a memory leak if the memory allocated is 0 byte?

Besides, the return value of malloc(0) seems to be implementation-defined1, and may return null or a valid pointer. If miri only return a non-zero address, and the user assumed malloc(0) return null (hence they don't free it), would it be considered a false positive?

Footnotes

  1. https://stackoverflow.com/questions/5372591/why-is-the-return-value-of-malloc0-implementation-defined

@RalfJung
Copy link
Member Author

RalfJung commented May 6, 2024

This is interesting. I've had this question on my mind for quite a while, how will malloc(0) cause a memory leak if the memory allocated is 0 byte?

There can be metadata associated with this allocation, managed by the allocator, that would be leaked.

Besides, the return value of malloc(0) seems to be implementation-defined1, and may return null or a valid pointer. If miri only return a non-zero address, and the user assumed malloc(0) return null (hence they don't free it), would it be considered a false positive?

Implementation-defined means that the implementation gets to decide. If the user assumes that malloc(0) returns null, then they are making a false assumption, since it is not necessarily true that the implementation will return null.

@tiif

This comment was marked as resolved.

Sign in to view
@RalfJung

This comment was marked as resolved.

Sign in to view
@tiif

This comment was marked as resolved.

Sign in to view
@tiif tiif mentioned this issue May 7, 2024
Merged
@tiif
Copy link
Contributor

tiif commented May 7, 2024

I wonder if we should do the same for posix_memalign? It is still returning a null pointer currently.

If size is 0, then the value placed in *memptr is either NULL or a unique pointer value.
https://man7.org/linux/man-pages/man3/posix_memalign.3.html

@RalfJung
Copy link
Member Author

RalfJung commented May 7, 2024 via email
edited
Loading

bors added a commit that referenced this issue May 8, 2024
@bors
Auto merge of #3580 - tiif:feat/malloc0-non-null-pointer, r=RalfJung
6714e03 
Implement non-null pointer for malloc(0)

Use non-null pointer for malloc(0) as mentioned in  #3576 to detect leaks and double free of ``malloc(0)`` addresses.
@RalfJung RalfJung changed the title Make malloc(0) return a non-null pointer Make malloc(0) and posix_memalign(0) return a non-null pointer May 9, 2024
@RalfJung
Copy link
Member Author

RalfJung commented May 9, 2024

#3580 implements this for malloc; posix_memalign could get the same treatment as discussed above.

@tiif tiif mentioned this issue May 11, 2024
Merged
@bors bors closed this as completed in cda82c7 May 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-shims Area: This affects the external function shims C-enhancement Category: a PR with an enhancement or an issue tracking an accepted enhancement E-good-first-issue A good way to start contributing, mentoring is available
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use non-null pointer for size 0 posix memalign tiif/miri
2 participants
@RalfJung @tiif