RE: malloc(1/0) ??

From: David Schwartz (davids@webmaster.com)
Date: Tue Nov 07 2000 - 02:52:28 EST


> From: "Dan Kegel" <dank@alumni.caltech.edu>
> > atmproj@yahoo.com asked:
> > > [Why does this program not crash?]
> > >
> > > main()
> > > {
> > > char *s;
> > > s = (char*)malloc(0);
> > > strcpy(s,"fffff");
> > > printf("%s\n",s);
> > > }
> >
> > It doesn't crash because the standard malloc is
> > optimized for speed, not for finding bugs.
> >
> > Try linking it with a debugging malloc, e.g.
> > cc bug.c -lefence
> > and watch it dump core.
>
> I'm not sure that is fully responsive, Dan. Why doesn't the
> strcpy throw a hissyfit and coredump?

        Why should it? Do you think that when you allocate memory, the chunk of
mappable memory you got always ends on the exact byte you asked it to? When
you invoke undefined behavior, anything can happen.

        DS
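The point above (the allocator may hand back more usable bytes than requested, so an overrun often goes unnoticed) is why a program cannot rely on the allocator to report the bug. The following is an added example, not code from this thread: it fixes the quoted program by sizing the buffer to the string and by using a bounded copy that refuses, rather than overflows, when the destination is too small. The helper names `bounded_copy`, `sized_strdup` and `overflow_is_caught` are my own, and the sample strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src (with its NUL terminator) into dst of capacity dst_size.
 * Returns 0 on success. Returns -1, leaving dst as an empty string
 * where possible, when the string does not fit; nothing is written
 * past dst_size, no matter how much slack the allocator gave us. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;   /* bytes needed including the NUL */

    if (dst == NULL || dst_size == 0)
        return -1;                   /* no room even for the terminator */
    if (need > dst_size) {
        dst[0] = '\0';               /* keep dst a valid (empty) string */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* The correct version of the quoted program's allocation: ask for
 * exactly strlen + 1 bytes, then copy. Returns NULL if malloc fails.
 * The caller owns the returned buffer and must free() it. */
char *sized_strdup(const char *src)
{
    size_t need = strlen(src) + 1;
    char *dst = malloc(need);

    if (dst == NULL)
        return NULL;
    memcpy(dst, src, need);
    return dst;
}

/* Repeat the quoted program's mistake (malloc(0), then copy "fffff"),
 * but through the bounded copy so the program itself detects it.
 * Returns 1 if the copy was refused, 0 if it went through. */
int overflow_is_caught(void)
{
    size_t requested = 0;            /* what the original asked for */
    char *s = malloc(requested);     /* may be NULL or a unique pointer */
    int rc = bounded_copy(s, requested, "fffff");

    free(s);                         /* free(NULL) is a no-op */
    return rc == -1;
}

int main(void)
{
    char small[4];                   /* constructed: too small for "fffff" */
    char *copy = sized_strdup("fffff");

    printf("malloc(0) + strcpy caught: %s\n",
           overflow_is_caught() ? "yes" : "no");
    printf("bounded_copy into 4 bytes: %s\n",
           bounded_copy(small, sizeof small, "fffff") == 0 ? "ok" : "refused");
    printf("sized_strdup: %s\n", copy ? copy : "(allocation failed)");
    free(copy);
    return 0;
}
```

The check in `bounded_copy` is what a debugging allocator such as Electric Fence (mentioned earlier in the thread) approximates from the outside: it compares against the size the program asked for, not the size the allocator happened to round up to.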

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue Nov 07 2000 - 21:00:21 EST