Re: [CODE] CREATE() buglet

From: Erwin S. Andreasen (erwin@ANDREASEN.COM)
Date: 07/06/98


On Mon, 6 Jul 1998, Dean Takemori wrote:

> A pointer to 0 bytes?  Yikes.  I was curious to see what happens
> when you malloc(0) on Solaris.  Turns out Sun's library does
> indeed return a non-NULL pointer.  Did some more playing around
> and discovered that malloc(-100) also returns a non-NULL pointer,
> which can even be used!  (It trashes random parts of memory.)

malloc() etc. take a size_t argument, which is unsigned (and represents
the result of a sizeof AFAIR).

gcc needs -Wunsigned to warn you about it (g++ luckily has it as default).

-100 cast to size_t is... a lot. It's strange that this malloc at all
succeeded. I suppose something in the malloc routines then overflowed when
given such a large number.

> Which brings me to my point/question.  Should the CREATE/RECREATE
> macros disallow this behavior?

The compiler should be smart enough to see through this, with the right
warning options.

 =============================================================================
<erwin@andreasen.com>      Herlev, Denmark              UNIX System Programmer
<URL:http://www.abandoned.org/drylock/>     <*>         (not speaking for) DDE
 =============================================================================
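As an added illustration of the point made above (not code from the thread or from CircleMUD), the following C shows a count of -100 turning into a huge size_t, and a hypothetical checked allocator that rejects both a negative count and a count * size product that would wrap around, before anything reaches calloc():

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical checked allocator, added for illustration; it is not
 * CircleMUD's CREATE macro.  Returns NULL (errno = EINVAL) when
 * count * size would overflow size_t, instead of passing the
 * wrapped-around product on to calloc(). */
void *checked_calloc(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size) {
        errno = EINVAL;
        return NULL;
    }
    return calloc(count, size);
}

/* What a signed count becomes when it reaches a size_t parameter:
 * -100 converts (modulo 2^N) to SIZE_MAX - 99, the "a lot" above. */
size_t count_as_size_t(int count)
{
    return (size_t)count;
}

/* Shape of a CREATE(result, type, number)-style helper, but with a
 * signed count that is rejected before conversion to size_t.
 * Returns 1 on success, 0 on failure (and sets *result to NULL). */
int create_array(void **result, size_t elem_size, long number)
{
    if (number < 0) {            /* a negative count is never valid */
        errno = EINVAL;
        *result = NULL;
        return 0;
    }
    *result = checked_calloc((size_t)number, elem_size);
    return *result != NULL;
}

int main(void)
{
    void *p;
    if (create_array(&p, sizeof(int), 10))   /* sane request: succeeds */
        free(p);
    create_array(&p, sizeof(int), -100);     /* rejected, not wrapped */
    return 0;
}
```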

