
Possible Duplicate:
what’s the point in malloc(0)?

Why does malloc(0) actually return a valid pointer for writing ?

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(void)
{
    char *str = NULL;

    str = (char*)malloc(0); // allocate 0 bytes ?

    printf("Pointer of str: %p\n", (void*)str);

    strcpy(str, "A very long string ..................."); // writes past a zero-size block

    printf("Value of str: %s", str);

    free(str); // Causes crash if str is too long
    return 0;
}

Output:

Pointer of str: 0xa9d010
Aborted
Value of str: A very long string ...................

When str is shorter, it just works as it should.

BTW: For compiling I used GCC with "-D_FORTIFY_SOURCE=0 -fno-stack-protector"

*** glibc detected *** ..: free(): invalid next size (fast): 0x0000000000a9d010 ***

3 Answers

It is undefined behavior to dereference the pointer returned by malloc(0).

From the C Standard:

(C99, 7.20.3p1) "If the size of the space requested is zero, the behavior is implementation defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object."


Why does malloc(0) actually return a valid pointer for writing?

It doesn't return a valid pointer for writing. It returns a valid pointer for not using it. Or it may return NULL as well since the C standard specifies this case to be implementation defined.

  • So basically it just returns a random pointer? – Marco Jan 23 '13 at 18:59
  • @user2005038 I don't know how random it is. It returns a valid pointer, which is not to be dereferenced afterwards. –  Jan 23 '13 at 19:03
  • It's not "random": it shall not be equal to the address of any object nor any pointer returned by previous invocations of `malloc(0)`. – R.. GitHub STOP HELPING ICE Jan 23 '13 at 19:10
  • Certainly it is sensible to return a unique pointer. E.g., consider an application that is partitioning a set (e.g., here is a set of strings, make a partition for each initial character), and one of the partitions happens to contain zero objects. So it makes sense to allocate zero bytes for the contents, but the application may still want its pointer to be unique, so that it can be distinguished from the pointers to the contents of other partitions. – Eric Postpischil Jan 23 '13 at 19:39
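An added example (not code from the question or from any of the answers above) showing how a program can live with the rule the answers quote: malloc(0) may return NULL or a unique, non-dereferenceable pointer, so the capacity of a buffer has to be tracked by the program itself rather than inferred from the pointer. The buf_t type, buf_init, buf_set, try_store, malloc0_behaviour and empty_buffers_are_distinct are all names invented for this example. buf_init requests at least one byte so that NULL always means failure, and buf_set is the bounds check whose absence lets the question's strcpy overwrite the allocator's metadata (the "invalid next size" abort in the question's output).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte buffer whose usable capacity is tracked explicitly.
   An empty buffer legitimately has cap == 0. */
typedef struct {
    char *data;
    size_t cap;
} buf_t;

/* Give b room for n bytes. malloc(0) is implementation defined (C99 7.20.3p1):
   NULL or a unique pointer that must not be dereferenced. Requesting at least
   one byte makes the result unambiguous: NULL means failure, never "empty". */
int buf_init(buf_t *b, size_t n) {
    b->data = malloc(n == 0 ? 1 : n);
    b->cap = (b->data != NULL) ? n : 0;
    return (b->data != NULL) ? 0 : -1;
}

/* Store s (including its terminator) only if it fits. This is the check the
   question's strcpy lacked: the caller gets -1 instead of a heap overflow. */
int buf_set(const buf_t *b, const char *s) {
    size_t need = strlen(s) + 1;
    if (need > b->cap)
        return -1;
    memcpy(b->data, s, need);
    return 0;
}

void buf_free(buf_t *b) {
    free(b->data);
    b->data = NULL;
    b->cap = 0;
}

/* Allocate cap bytes, try to store s, release the buffer.
   Returns buf_set's result, or -2 if the allocation itself failed. */
int try_store(size_t cap, const char *s) {
    buf_t b;
    int rc;
    if (buf_init(&b, cap) != 0)
        return -2;
    rc = buf_set(&b, s);
    buf_free(&b);
    return rc;
}

/* Report what this platform's malloc(0) does: "null" or "unique".
   Both are permitted; dereferencing the result is not. */
const char *malloc0_behaviour(void) {
    void *p = malloc(0);
    const char *kind = (p == NULL) ? "null" : "unique";
    free(p); /* free(NULL) is a no-op, so this is safe in either case */
    return kind;
}

/* Two empty buffers still have distinct addresses (the partition use case
   from the comments) because each owns a real one-byte allocation. */
int empty_buffers_are_distinct(void) {
    buf_t a, b;
    int distinct;
    if (buf_init(&a, 0) != 0)
        return -1;
    if (buf_init(&b, 0) != 0) {
        buf_free(&a);
        return -1;
    }
    distinct = (a.data != b.data);
    buf_free(&a);
    buf_free(&b);
    return distinct;
}

int main(void) {
    printf("malloc(0) here returns: %s\n", malloc0_behaviour());
    printf("store into 0-byte buffer: %d\n",
           try_store(0, "A very long string ..................."));
    printf("store \"hello\" into 6-byte buffer: %d\n", try_store(6, "hello"));
    return 0;
}
```

The question's program "works" for short strings only because glibc rounds a zero-size request up to its minimum chunk and the overflow stays inside padding; with an explicit capacity the same copy is refused regardless of what the allocator happens to do.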

malloc() is supposed to return a void* pointer. And it faithfully does that. But it leads to UB when you dereference it.