> It seems that attempts to mmap a region of size zero cause
> mmap to return zero. Is this a bug?
>
> Since it doesn't return -1, it looks like success, but of
> course dereferencing this NULL pointer causes a crash.
>
> Why would you dereference it if you didn't specify any memory? It
> seems to me that this is valid kernel behavior, and that the program
> has the bug.
The program, in this case, is glibc.
It is mmapping a file which it has been told by stat() is zero length.
I was just curious as to whether Unix98 or similar specifies any
behaviour; nowhere in the man page is the possibility of a zero return
from mmap mentioned. This is a free segfault out of many programs; of
course, as a NULL pointer dereference, it's not exactly dangerous.
FWIW, Solaris (x86 and Sparc) returns -1 and sets errno to EINVAL.
Digital Unix returns -1 and ENXIO.
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
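The defensive pattern the thread is circling around (check the fstat() size before calling mmap(), and never treat a zero-length mapping as usable memory), written out as an added example; this is not glibc's code or anything from the original message. It assumes a writable /tmp for the constructed fixture files; `map_whole_file`, `probe_zero_length_mmap` and the `mapped_file` struct are names chosen here, not a real API. On a current Linux kernel the length-0 probe returns MAP_FAILED with errno EINVAL, matching what Matthew reports for Solaris.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of a "stat, then mmap" of a whole file (hypothetical helper type). */
struct mapped_file {
    void  *addr;  /* NULL when nothing is mapped: empty file or failure      */
    size_t len;   /* length reported by fstat()                              */
    int    err;   /* 0 on success or on an empty file, else the failing errno */
};

/* Map an entire file read-only. An empty file is reported as "nothing mapped"
 * rather than handed to mmap() with len == 0, which is invalid. */
struct mapped_file map_whole_file(const char *path)
{
    struct mapped_file m = { NULL, 0, 0 };
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) { m.err = errno; return m; }
    if (fstat(fd, &st) < 0) { m.err = errno; close(fd); return m; }
    m.len = (size_t)st.st_size;
    if (m.len == 0) {            /* the case the thread is about */
        close(fd);
        return m;                /* addr NULL, err 0: empty, not an error */
    }
    void *p = mmap(NULL, m.len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);                   /* the mapping outlives the descriptor */
    if (p == MAP_FAILED) { m.err = errno; return m; }
    m.addr = p;
    return m;
}

void unmap_file(struct mapped_file *m)
{
    if (m->addr != NULL) munmap(m->addr, m->len);
    m->addr = NULL;
    m->len = 0;
}

/* Ask the running kernel what mmap() does with len == 0 on a real descriptor.
 * Returns the errno it set, or 0 if the call did not report failure. */
int probe_zero_length_mmap(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return errno;
    errno = 0;
    void *p = mmap(NULL, 0, PROT_READ, MAP_PRIVATE, fd, 0);
    int e = (p == MAP_FAILED) ? errno : 0;   /* a non-MAP_FAILED result is never dereferenced */
    close(fd);
    return e;
}

/* Constructed fixture: a temp file holding `len` bytes of 'x'; path written to buf. */
static int make_temp_file(char *buf, size_t buflen, size_t len)
{
    snprintf(buf, buflen, "/tmp/mmap_demo_XXXXXX");
    int fd = mkstemp(buf);
    if (fd < 0) return -1;
    for (size_t i = 0; i < len; i++)
        if (write(fd, "x", 1) != 1) { close(fd); return -1; }
    close(fd);
    return 0;
}

/* Empty file: expect addr NULL, len 0, err 0. Returns 1 when that holds. */
int demo_empty_file(void)
{
    char path[64];
    if (make_temp_file(path, sizeof path, 0) != 0) return 0;
    struct mapped_file m = map_whole_file(path);
    int ok = (m.addr == NULL && m.len == 0 && m.err == 0);
    unlink(path);
    return ok;
}

/* Five-byte file: expect a real mapping whose last byte is 'x'. Returns 1 when that holds. */
int demo_nonempty_file(void)
{
    char path[64];
    if (make_temp_file(path, sizeof path, 5) != 0) return 0;
    struct mapped_file m = map_whole_file(path);
    int ok = (m.addr != NULL && m.len == 5 && m.err == 0 && ((const char *)m.addr)[4] == 'x');
    unmap_file(&m);
    unlink(path);
    return ok;
}

/* errno the kernel reports for a zero-length mmap of an empty file (Linux: EINVAL). */
int zero_length_mmap_errno(void)
{
    char path[64];
    if (make_temp_file(path, sizeof path, 0) != 0) return -1;
    int e = probe_zero_length_mmap(path);
    unlink(path);
    return e;
}

int main(void)
{
    printf("empty file handled: %d, non-empty mapped: %d, mmap(len=0) errno: %d\n",
           demo_empty_file(), demo_nonempty_file(), zero_length_mmap_errno());
    return 0;
}
```

The point of `map_whole_file` is that "empty" and "failed" are distinct outcomes: a caller that only tests for MAP_FAILED, as the glibc code in the thread apparently did, will happily dereference whatever a permissive kernel hands back for a zero-length request, so the size check has to happen before mmap() is ever called.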