[cfe-commits] [PATCH 1/1] Checking zero byte allocation for realloc() and calloc().

Cyril Roelandt tipecaml at gmail.com
Sun Nov 20 16:05:33 PST 2011


On 11/19/2011 05:35 AM, Jordy Rose wrote:
> I didn't look into the patch in detail, but it's worth noting that realloc can be safe with a 0 size on BSD, at least. ("If size is zero and ptr is not NULL, a new, minimum sized object is allocated and the original object is freed." but "If ptr is NULL, realloc() is identical to a call to malloc() for size bytes.")
>

Ok. It's a little different on my Linux machine: "if size is equal to
zero, and ptr is not NULL, then the call is equivalent to free(ptr)".
I am no C guru, but I believe this is implementation-defined, according
to the C99 standard, and that programmers should avoid calling realloc()
with size 0. Here is an extract from the C99 draft (7.20.3):

"If the size of the space requested is zero, the behavior is 
implementation-defined: either a null pointer is returned, or the 
behavior is as if the size were some nonzero value, except that the 
returned pointer shall not be used to access an object."

> Also, how much overlap is there with MallocChecker? There's a fixme on CheckMallocZero already about having malloc-related checks in two places.
>

I have just taken a quick look at the MallocChecker, and I think it 
would be possible to look for zero byte allocations here rather than in 
the UnixAPIChecker. It may even be way cleaner than the patch I sent 
earlier. I'll try and look into this ASAP.

> Still, sounds like a good add. Thanks for working on this!

You're welcome!

Cyril.

>
> Jordy
>
>
> On Nov 13, 2011, at 8:52, Cyril Roelandt wrote:
>
>> Hello,
>>
>> Currently, clang can check zero byte allocations for the malloc function. I think it should also warn programmers about zero byte allocations for the calloc and realloc functions.
>>
>> Attached is a patch that implements this idea. It checks either the first argument of malloc(), or the second argument of realloc(), or both arguments of calloc(), looking for a value constrained to 0.
>>
>> Checking both arguments of calloc() makes the code a little bit ugly, so I'll probably need to give it some more work.
>>
>> You may find a test case attached to this mail :
>>
>> $ clang --analyze -c -o alloc alloc.c
>> /tmp/alloc.c:29:16: warning: Call to 'malloc' has an allocation size of 0 bytes
>>    int *ptr = malloc(0);
>>               ^      ~
>> /tmp/alloc.c:36:16: warning: Call to 'calloc' has an allocation size of 0 bytes
>>    int *ptr = calloc(0, sizeof(int));
>>               ^      ~
>> /tmp/alloc.c:43:16: warning: Call to 'calloc' has an allocation size of 0 bytes
>>    int *ptr = calloc(42, 0);
>>               ^          ~
>> /tmp/alloc.c:50:16: warning: Call to 'realloc' has an allocation size of 0 bytes
>>    int *ptr = realloc(NULL, 0);
>>               ^             ~
>>
>> Looking forward to hearing from you,
>> Cyril Roelandt.
>> <zero_byte_allocation.patch><alloc.c>
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>
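The realloc() and calloc() size-0 cases discussed in this thread, as an added C example that is not part of Cyril's patch or the clang tree: allocation wrappers (xmalloc, xcalloc, xrealloc and a small growable buffer, all names chosen here for illustration) that never hand a size of 0 to the libc allocator, so the implementation-defined branch of C99 7.20.3 and the free-vs-minimum-object difference between the Linux and BSD realloc() man pages quoted above can never be reached. The realloc() wrapper also fixes the size-0 contract explicitly (always free, always return NULL) so a caller cannot end up freeing the old pointer twice on a libc where realloc(p, 0) already freed it.

```c
/* Added example (not from the patch or the clang tree): allocation
 * wrappers that never pass a size of 0 to malloc/calloc/realloc, so
 * the implementation-defined cases in C99 7.20.3 cannot be reached.
 * The names xmalloc/xcalloc/xrealloc/buf_* are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Returns NULL for n == 0 instead of relying on what malloc(0)
 * returns on this platform. */
void *xmalloc(size_t n)
{
    if (n == 0)
        return NULL;
    return malloc(n);
}

/* calloc with an explicit zero guard and a multiplication overflow
 * check; either problem yields NULL before the allocator is called. */
void *xcalloc(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return NULL;
    if (nmemb > SIZE_MAX / size)
        return NULL;
    return calloc(nmemb, size);
}

/* realloc with the size-0 case made explicit: it always frees p and
 * returns NULL, on every libc. Callers must treat NULL from
 * xrealloc(p, 0) as "p is gone", never as "p is still valid". */
void *xrealloc(void *p, size_t n)
{
    if (n == 0) {
        free(p);
        return NULL;
    }
    if (p == NULL)
        return malloc(n);
    return realloc(p, n);
}

/* Growable byte buffer built on the wrappers; buf_append returns 1
 * on success and 0 on allocation failure (buffer left intact). */
struct buf { unsigned char *data; size_t len, cap; };

int buf_append(struct buf *b, const unsigned char *src, size_t n)
{
    if (n == 0)
        return 1;
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 16;
        while (ncap < b->len + n) {
            if (ncap > SIZE_MAX / 2)
                return 0;
            ncap *= 2;
        }
        /* ncap > 0 here, so a NULL result means failure and b->data
         * is still valid, not freed. */
        unsigned char *nd = xrealloc(b->data, ncap);
        if (nd == NULL)
            return 0;
        b->data = nd;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

void buf_free(struct buf *b)
{
    b->data = xrealloc(b->data, 0);  /* explicit free, never a bare realloc(p, 0) */
    b->len = b->cap = 0;
}

/* Exercises the wrappers on the cases from the clang test output
 * above; returns the number of checks that passed (7 when correct). */
int demo(void)
{
    int passed = 0;
    struct buf b = {0};

    if (xmalloc(0) == NULL) passed++;
    if (xcalloc(0, sizeof(int)) == NULL) passed++;
    if (xcalloc(42, 0) == NULL) passed++;
    if (xcalloc(SIZE_MAX, 2) == NULL) passed++;      /* overflow, not a zero */
    if (xrealloc(NULL, 0) == NULL) passed++;

    if (buf_append(&b, (const unsigned char *)"hello", 5) &&
        buf_append(&b, (const unsigned char *)" world", 6) &&
        b.len == 11 && memcmp(b.data, "hello world", 11) == 0)
        passed++;

    buf_free(&b);
    if (b.data == NULL && b.cap == 0) passed++;
    return passed;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

The analyzer warning in the patch fires only when an argument is constrained to 0 at the call site; the wrappers complement it at run time by handling sizes that are only known to be 0 after computation, such as a length read from input.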
