[Webkit-unassigned] [Bug 29026] CRASH: fastRealloc crashes on realloc(ptr, 0)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 11 13:44:39 PDT 2009


--- Comment #9 from Mark Rowe (bdash) <mrowe at apple.com>  2009-09-11 13:44:38 PDT ---
(In reply to comment #8)
> (In reply to comment #7)
> > I agree that fastRealloc should have the same semantics as realloc, or be
> > renamed. However, I'm not sure which specification you're citing, as the
> > behavior is different per Mac OS X man page:
> > 
> > "If ptr is NULL, realloc() is identical to a call to malloc() for size bytes.
> > If size is zero and ptr is not NULL, a new, minimum sized object is allocated
> > and the original object is freed."
> > 
> > As a result, the behavior of realloc(0, 0) is implementation defined, but
> > realloc(nonNull, 0) doesn't return 0 unless minimum sized object allocation
> > fails.
> Good digging, Alexey! I was using this reference: 
> http://www.opengroup.org/onlinepubs/009695399/functions/realloc.html
> So it appears that BSD (and Mac OSX) already diverges from the C spec.

Quoting from
If size is 0, either a null pointer or a unique pointer that can be
successfully passed to free() shall be returned.

Mac OS X's malloc returns a unique pointer that can be successfully passed to
free.  That's completely in line with the specification.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list