Re: realloc(): invalid next size


"Pedro Graca" <hexkid@xxxxxxxxxxx> wrote in message
news:slrne3q03s.c3j.hexkid@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Rod Pemberton wrote:
"Chris Torek" <nospam@xxxxxxxxx> wrote in message
news:e1gq3i0930@xxxxxxxxxxxxxxxxxxxx
(Seriously: C89 specifically said that realloc(NULL,n) was equivalent
to malloc(n), and malloc(0) *could* be equivalent to malloc(1); it
then also said that realloc(p,0) was equivalent to free(p); so what
then is realloc(NULL,0) -- is it like malloc(0) and hence like
malloc(1), or is it just free(NULL)?)

If your question wasn't rhetorical, this realloc probably answers your
question. It has undefined behavior since it doesn't determine the
'magic
mystery size' of s1...

void *my_realloc (void *s1, size_t size)
{
void *s2=NULL;

if (size!=0||s1==NULL)
s2 = malloc(size);
else
free(s1);
if (s1!=NULL)
memcpy(s2, s1, size);
return(s2);
}

Hmm, there seems to be something wrong with this my_realloc():

new_pointer = my_realloc(NULL, 100); /* ok */
new_pointer = my_realloc(NULL, 0); /* ok */
new_pointer = my_realloc(old_pointer, 100); /* old_pointer not free'd */

That's a simple fix:
if (s1!=NULL)
{
memcpy(s2, s1, size);
free(s1);
}

new_pointer = my_realloc(old_pointer, 0); /* memcpy(NULL, ????, 0); */

You've got that wrong. The last case is memcpy(new_pointer,old_pointer,0);
i.e., new_pointer = my_realloc(old_pointer, 0); /*
memcpy(new_pointer,old_pointer,0); */

If size is zero, s1 is freed (which doesn't set s1 to NULL) and s2 is
returned which is NULL.

In the last example, will the call to memcpy() invoke UB? Or, because
size is 0 (zero), it doesn't matter what the pointers point to?

As I said, you've got the last one wrong. No NULL is ever passed to
memcpy(), but a size zero is. To eliminate the size zero problem, you need
to know the old size, and check that it isn't zero. Which as Chris Torek's
example shows, it's based on compiler secrets.

The point of my reply was that Chris Torek's solution will pass NULL's for
'old' that _could_ "invoke" (I really don't like "invoke," it implies a
guaranted action...) UB for the first two situations:

new_pointer = my_realloc(NULL, 100); /* not Ok for ChrisT example*/
new_pointer = my_realloc(NULL, 0); /* not Ok for ChrisT example*/

(If you're keeping score, Chris has two UB, one size zero problem. And,
mine had one coding error, and one size zero problem.)

A closer corrected realloc, would be some merger of mine and Chris', with
zero correction for size:

void *realloc (void *s1, size_t size)
{
void *s2=NULL;
size_t oldsize = __some_sort_of_magic_done_here(old);

if (size!=0||s1==NULL)
s2 = malloc(size);
else
free(s1);
if (s1!=NULL)
{
size=oldsize<size?oldsize:newsize;
if(size==0)
size=1;
memcpy(s2, s1, size);
free(s1);
}
return(s2);
}


HTH,

Rod Pemberton




.

Relevant Pages

  • Re: realloc(): invalid next size
    ... but a size zero is. ... (If you're keeping score, Chris has two UB, one size zero problem. ... void *realloc ...
    (comp.lang.c)
  • Re: Correct strod return error checking
    ... >>>Changing your compilerflags to report this kind of errors ... >> chris. ... zero is returned and the value of nptr ... Sorry I still have to get used to the manpage language since I am a ...
    (comp.unix.programmer)
  • Identity crisis
    ... But, when I switch to the other identity, I show zero names in that contact ... although I am sharing an ... Chris ... Prev by Date: ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: 11 year olds homework
    ... > (Chris) wrote: ... > was 18, for that matter)! ... > Assume from now on that not all four numbers are zero. ... They no longer do my traditional winks tournament lunch - liver and bacon. ...
    (sci.math)
  • Re: Monitor CPU utilization and Network utilization?
    ... You'll probably have to tweak the thresholds a bit though - even when a system isn't doing anything the CPU/Network utilisation will never be zero. ... Chris M. ... For example, the WMI query: ...
    (microsoft.public.windows.server.scripting)