Glauber Costa <glom...@redhat.com> writes:

> On Tue, Dec 01, 2009 at 12:57:27PM +0000, Paul Brook wrote:
>> > You might want to have a 'static uint8_t zero_length_malloc[0]' and
>> > return that instead of the magic cookie '1'. Makes the code more
>> > readable IMHO and you'll also have a symbol in gdb when debugging qemu.
>>
>> Having multiple malloc return the same pointer sounds like a really bad idea.
> And why's that?
>
> Keep in mind that *any* dereference over that address is a bug.
>
> Actually, I very much like Gerd's idea to unmap that address, so the bug
> won't hide from us in any circumstances.
For what it's worth, it violates the spec for malloc().

For zero-sized allocations, we may either return a null pointer (but we
already decided we don't want to), or an object different from any other
object alive. Thus, we can't return the same non-null pointer for all
zero-sized allocations.

Chapter and verse:

    ISO/IEC 9899:1999
    7.20.3 Memory management functions

    The order and contiguity of storage allocated by successive calls to
    the calloc, malloc, and realloc functions is unspecified. The pointer
    returned if the allocation succeeds is suitably aligned so that it may
    be assigned to a pointer to any type of object and then used to access
    such an object or an array of such objects in the space allocated
    (until the space is explicitly deallocated). The lifetime of an
    allocated object extends from the allocation until the deallocation.
    Each such allocation shall yield a pointer to an object disjoint from
    any other object. The pointer returned points to the start (lowest
    byte address) of the allocated space. If the space cannot be
    allocated, a null pointer is returned. If the size of the space
    requested is zero, the behavior is implementation-defined: either a
    null pointer is returned, or the behavior is as if the size were some
    nonzero value, except that the returned pointer shall not be used to
    access an object.
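The two options under discussion, side by side, as an added example that is not part of this thread or of QEMU's own qemu_malloc(): one wrapper bumps a zero-sized request to one byte so that, per 7.20.3, every call yields a disjoint object; the other hands back a single static "cookie" address for every zero-sized request, which is the behaviour Paul objects to. The function names (alloc_unique, alloc_cookie, zero_allocs_disjoint) and the checking routine are assumptions made for this illustration; the cookie array is declared with size 1 rather than GCC's zero-length extension so the block is standard C. The check only compares addresses and never dereferences the returned pointers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Approach A (hypothetical name): treat size 0 "as if the size were some
 * nonzero value". Each call gets its own heap object, so two zero-sized
 * allocations are disjoint, and ordinary free() releases them. */
void *alloc_unique(size_t size)
{
    if (size == 0) {
        size = 1;
    }
    void *p = malloc(size);
    if (p == NULL) {
        abort();   /* mirror the usual "allocation failure is fatal" policy */
    }
    return p;
}

void free_unique(void *p)
{
    free(p);
}

/* Approach B (hypothetical name): the shared static cookie proposed in the
 * quoted message. Every zero-sized request returns the same address, so
 * the "disjoint from any other object" requirement is violated, and the
 * matching free routine has to special-case that address because it was
 * never obtained from malloc(). */
static uint8_t zero_length_cookie[1];   /* size 1, not GCC's [0], for standard C */

void *alloc_cookie(size_t size)
{
    if (size == 0) {
        return zero_length_cookie;
    }
    void *p = malloc(size);
    if (p == NULL) {
        abort();
    }
    return p;
}

void free_cookie(void *p)
{
    if (p == zero_length_cookie) {
        return;   /* not a heap pointer; passing it to free() would be UB */
    }
    free(p);
}

/* Returns 1 if two zero-sized allocations from the given allocator are
 * non-null and have different addresses (what 7.20.3 requires), 0 otherwise.
 * Only addresses are compared; the pointers are never dereferenced. */
int zero_allocs_disjoint(void *(*alloc)(size_t), void (*release)(void *))
{
    void *a = alloc(0);
    void *b = alloc(0);
    int disjoint = (a != NULL && b != NULL && a != b);
    release(a);
    release(b);
    return disjoint;
}

int main(void)
{
    printf("size-1 fallback: zero-sized allocations disjoint = %d\n",
           zero_allocs_disjoint(alloc_unique, free_unique));
    printf("shared cookie:   zero-sized allocations disjoint = %d\n",
           zero_allocs_disjoint(alloc_cookie, free_cookie));
    return 0;
}
```

The first line prints 1 and the second 0: the cookie variant is cheaper (no heap traffic for empty requests) but every zero-sized allocation aliases every other, and a free routine that forgets the special case would hand a non-heap address to free(). The size-1 fallback keeps the standard's guarantee and needs no special handling on the free side.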