Re: [CODE] CREATE() buglet

From: d. hall (dhall@OOI.NET)
Date: 07/07/98

Next message: d. hall: "Re: [BACKUP] Maybe Silly Question"
Previous message: George: "Re: [BACKUP] Maybe Silly Question"
Maybe in reply to: Dean Takemori: "[CODE] CREATE() buglet"
Next in thread: Dean Takemori: "Re: [CODE] CREATE() buglet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> thus on Tue, 7 Jul 1998 02:11:04 +0200, Erwin wrote:

> On Mon, 6 Jul 1998, Dean Takemori wrote:
>> A pointer to 0 bytes?  Yikes.  I was curious to see what happens
>> when you malloc(0) on Solaris.  Turns out Sun's library does
>> indeed return a non-NULL pointer.  Did some more playing around
>> and discovered that malloc(-100) also returns a non-NULL pointer,
>> which can even be used!  (It trashes random parts of memory.)

> malloc() etc. take a size_t argument, which is unsigned (and represents
> the result of a sizeof AFAIR).

> gcc needs -Wunsigned to warn you about it (g++ luckily has it as
> default).

Isn't circle by default compiled with -Wall.  -W by default as stated by
gcc's man page notes:

          o   An unsigned value is compared against zero with `>'
              or `<='.

Although I have found that my SGI's compiler actually does this (it likes
to warn profusely), and gcc 2.7.2.x does not.

There is no -Wunsigned for gcc 2.7.2.X, although you may be able to
duplicate this with several more spurious errors with -Wconversion.

       -Wconversion
              Warn  if  a prototype causes a type conversion that
              is different from what would happen to the same ar-
              gument  in  the  absence  of a prototype.  This in-
              cludes conversions of fixed point to  floating  and
              vice  versa,  and conversions changing the width or
              signedness of a fixed point  argument  except  when
              the same as the default promotion.

It may work.

> -100 cast to size_t is... a lot. It's strange that this malloc at all
> succeeded. I suppose something in the malloc routines then overflowed when
> given such a large number.

Quite a few programmers make wrappers for malloc to one: assert(3) that
requested length is > 0, and if the return is non-null.  Quite of few
public libs do a malloc or die implementation.

d.


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+

Next message: d. hall: "Re: [BACKUP] Maybe Silly Question"
Previous message: George: "Re: [BACKUP] Maybe Silly Question"
Maybe in reply to: Dean Takemori: "[CODE] CREATE() buglet"
Next in thread: Dean Takemori: "Re: [CODE] CREATE() buglet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : 12/15/00 PST