Sujet : Re: VMS
De : rich (at) *nospam* example.invalid (Rich)
Groupes : comp.os.linux.miscDate : 27. Jun 2025, 20:40:12
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <103ms2s$b25r$1@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11 12
User-Agent : tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
candycanearter07 <
candycanearter07@candycanearter07.nomail.afraid> wrote:
Robert Riches <spamtrap42@jacob21819.net> wrote at 03:43 this Saturday (GMT):
On 2025-06-21, rbowman <bowman@montana.com> wrote:
On Fri, 20 Jun 2025 23:07:20 -0000 (UTC), Rich wrote:
>
Very likely, but the idea was to protect the typical programmer from
their own common mistakes (of not carefully checking error return codes
or buffer lengths, etc.). I.e. the typical 9-5 contract programmer, not
the Dennis Ritchie's of the world.
>
I'm paranoid enough that I check the return of malloc and try to log the
problem even though I'm probably screwed at that point. It has pointed out
errors for calloc if you've manged to come up with a negative size.
>
I have worked with programmers that assumed nothing bad would ever happen.
Sadly, some had years of experience.
>
Some years ago, I heard of a bug related to use of malloc. The
code had _intended_ to dynamically allocate storage for a string
and the terminating null byte. It was _intended_ to do this:
>
dest = malloc(strlen(src)+1);
>
Instead, a paren was misplaced:
>
dest = malloc(strlen(src))+1;
>
IIUC, the next line copied the src string into the newly-
allocated destination.
Aren't you supposed to multiply by sizeof as well?
Only if you are allocating space for a group of things that are
themselves larger than bytes. Since 'strlen' is a string operator, the
individual pieces are "bytes" so you don't need to multiply in this
instance.
Those who had worked on that project longer said the bug had been
latent in the code for several years, most likely with alignment
padding masking the bug from being discovered. Curiously, the
bug made itself manifest immediately upon changing from a 32-bit
build environment to a 64-bit build environment.
I'm more surprised it didn't segfault. Any idea what caused it to not?
I know strlen doesn't account for the terminating character, but it
seems like it should've been TWO bytes shorter...
Almost all mallocs do not give you /exactly/ the number of bytes you
request. The actual allocated buffer (by malloc) returned is often
larger (common choices for rounding up are: cpu bus size, cpu cache
line size, page size, or next higher power of two). So the
"misalignment" of the buffer being used being "one more" than the
actual start of the allocated space would not be noticed if that
"rounding up" actually added at least one extra byte on the end of the
buffer.
Re: VMS
Re: VMS