
48 points ingve | 3 comments
bobmcnamara No.44389188
Ages ago I worked with a system where malloc(0) incremented a counter and returned -1.

free(-1) decremented the counter.

This way you could check for leaks :p

replies(3): >>44389317 >>44389346 >>44389977
sweetjuly No.44389977
Does this work in practice? Now you have a bunch of invalid but non-NULL pointers flying around. NULL checks which would normally prevent you from accessing invalid pointers now will pass and send you along to deref your bogus pointer.

Even hacking the compiler to treat -1 as equal to NULL as well wouldn't work since lots of software won't free NULL-like pointers.

replies(1): >>44392583
1. bobmcnamara No.44392583
> NULL checks which would normally prevent you from accessing invalid pointers now will pass and send you along to deref your bogus pointer.

Oddly, this is bog-standard implementation-specific behavior for standard C: a caller accessing any result of malloc(0) is undefined behavior, and malloc(0) isn't required to return NULL; the reference heap didn't, and some probably still don't.

replies(1): >>44394354
2. sweetjuly No.44394354
Ah, that's my bad. Another day, another UB :)
replies(1): >>44396768
3. bobmcnamara No.44396768
Like swimming in a bucket of rusty knives :)