Austin Group Defect Tracker

Aardvark Mark IV


ID 0000520
Category [1003.1(2008)/Issue 7] System Interfaces
Severity Objection
Type Enhancement Request
Date Submitted 2011-11-29 14:15
Last Update 2019-06-10 08:55
Reporter eblake
View Status public
Assigned To ajosey
Priority normal
Resolution Accepted As Marked
Status Closed
Name Eric Blake
Organization Red Hat
User Reference ebb.posix_memalign
Section posix_memalign
Page Number 1418
Line Number 46428
Interp Status ---
Final Accepted Text See Note: 0001184
Summary 0000520: posix_memalign should not modify memptr on failure
Description The standard is currently silent on the contents of *memptr if
posix_memalign( ) fails, however, in the implementations that I
surveyed, the pointer was unchanged. Adding a requirement to
enforce this behavior can simplify some coding styles. Currently,
I have to use:

void *ptr = NULL;
...
//do some work, which might goto error
if (posix_memalign(&ptr, align, size)) {
  ptr = NULL;
  goto error;
}
//do some more work, which might goto error
...
error:
  free(ptr);
  //more cleanup;

But if we guarantee that the pointer is unchanged on error, then the
implementation can rely on the previous contents, and skip the
(re-)assignment of NULL on error while still ensuring that the
pointer can safely be passed to free( ) on all code paths.

if (posix_memalign(&ptr, align, size))
  goto error;

This change is comparable to 0000467 on pipe( ).
Desired Action At line 46428 [XSH posix_memalign RETURN VALUE], change:

otherwise, an error number shall be returned to indicate the error.

to:

otherwise, the contents of memptr shall be left unmodified and an
error number shall be returned to indicate the error.
Tags tc2-2008

- Relationships
related to 0000467 Closed ajosey pipe should not modify fd on failure
related to 0000483 Closed ajosey socketpair should not modify socket_vector on failure
related to 0000526 Closed ajosey Adopt C99 wording for zero size calloc(), malloc() et al.
related to 0000623 Closed ajosey poll should not modify fds[i].fd and fds[i].events

-  Notes
(0001178)
eblake (manager)
2012-03-29 20:58

For reference, here is the program I used to test things (note that
posix_memalign is a relatively new interface, so most platforms that
I tried to test on still lacked it - but on GNU/Linux and FreeBSD, my
results were consistent).

$ cat foo.c
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <stdint.h>
#include <string.h>
int main() {
    void *ptr = (void*) 2;
    printf("ptr=%p\n", ptr);
    int ret = posix_memalign(&ptr, 3, 3);
    printf("ptr=%p ret=%d errno=%d ", ptr, ret, errno);
    printf("%s\n", strerror(ret));
    errno = 0;
    ret = posix_memalign(&ptr, 1024, SIZE_MAX - 2);
    printf("ptr=%p ret=%d errno=%d ", ptr, ret, errno);
    printf("%s\n", strerror(ret));
    return 0;
}
$ ./foo
ptr=0x2
ptr=0x2 ret=22 errno=0 Invalid argument
ptr=0x2 ret=12 errno=12 Cannot allocate memory
(0001181)
joerg (reporter)
2012-03-30 16:14

On Solaris, ptr is always NULL in case of a failure.

....
                error = ENOMEM;

        *memptr = ptr;
        return (error);
}

The return above is the only return from the function.
(0001184)
geoffclare (manager)
2012-04-02 08:48

Given the behaviour on Solaris, I am reopening this bug.

Since the point of the requested change was to ensure that
if ptr is set to null before a failed call, it will still be
null afterwards, and since Solaris explicitly sets it to null,
the desired coding style will still work on Solaris. The
standard should allow either behaviour.

Revised proposal:

At line 46428 [XSH posix_memalign RETURN VALUE], change:

otherwise, an error number shall be returned to indicate the error.

to:

otherwise, an error number shall be returned to indicate the error
and the contents of memptr shall either be left unmodified or be
set to a null pointer.

On line 46436 change the EXAMPLES section from:

None

to:

The following example shows how applications can obtain consistent
behavior on error by setting *memptr to be a null pointer before
calling posix_memalign().

void *ptr = NULL;
...
//do some work, which might goto error
if (posix_memalign(&ptr, align, size))
  goto error;

//do some more work, which might goto error
...
error:
  free(ptr);
  //more cleanup;
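
The following is an added example, not part of the tracker notes or of the proposed standard text. It shows the NULL-initialized cleanup pattern with two allocations, plus a wrapper that writes the caller's pointer only on success, so the caller never passes an indeterminate pointer to free() whichever of the two permitted failure behaviours the libc implements. The names memalign_keep and fill_two_buffers are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* declares posix_memalign */
#endif
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the standard or the tracker): allocate into
 * a temporary so *out is written only on success, whatever the libc does to
 * its memptr argument on failure. */
static int memalign_keep(void **out, size_t align, size_t size)
{
    void *tmp = NULL;
    int err = posix_memalign(&tmp, align, size);
    if (err == 0)
        *out = tmp;
    return err;
}

/* Cleanup-on-error pattern from the issue: every pointer starts as NULL, so
 * free() at the error label is safe on all paths under the revised wording
 * ("left unmodified or set to a null pointer"). Returns 0 or an error number. */
static int fill_two_buffers(size_t align, size_t size)
{
    void *a = NULL, *b = NULL;
    int err;

    if ((err = posix_memalign(&a, align, size)) != 0)
        goto error;
    if ((err = posix_memalign(&b, align, size)) != 0)
        goto error;
    memset(a, 0, size);
    memset(b, 0, size);
error:
    free(b);   /* NULL or a live allocation, never indeterminate */
    free(a);
    return err;
}

int main(void)
{
    int sentinel = 0;
    void *p = &sentinel;   /* 3 is not a valid alignment, so this call fails */
    if (memalign_keep(&p, 3, 64) != EINVAL || p != &sentinel)
        return 1;
    return fill_two_buffers(64, 4096) != 0;
}
```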

- Issue History
Date Modified Username Field Change
2011-11-29 14:15 eblake New Issue
2011-11-29 14:15 eblake Status New => Under Review
2011-11-29 14:15 eblake Assigned To => ajosey
2011-11-29 14:15 eblake Name => Eric Blake
2011-11-29 14:15 eblake Organization => Red Hat
2011-11-29 14:15 eblake User Reference => ebb.posix_memalign
2011-11-29 14:15 eblake Section => posix_memalign
2011-11-29 14:15 eblake Page Number => 1418
2011-11-29 14:15 eblake Line Number => 46428
2011-11-29 14:15 eblake Interp Status => ---
2011-11-29 14:16 eblake Relationship added related to 0000467
2011-11-29 14:16 eblake Relationship added related to 0000483
2011-12-12 10:28 geoffclare Relationship added related to 0000526
2012-03-29 16:07 Don Cragun Status Under Review => Resolved
2012-03-29 16:07 Don Cragun Resolution Open => Accepted
2012-03-29 16:07 Don Cragun Tag Attached: tc2-2008
2012-03-29 20:58 eblake Note Added: 0001178
2012-03-30 16:14 joerg Note Added: 0001181
2012-04-02 08:48 geoffclare Note Added: 0001184
2012-04-02 08:48 geoffclare Status Resolved => Under Review
2012-04-02 08:48 geoffclare Resolution Accepted => Reopened
2012-04-05 15:23 Don Cragun Final Accepted Text => See Note: 0001184
2012-04-05 15:23 Don Cragun Status Under Review => Resolved
2012-04-05 15:23 Don Cragun Resolution Reopened => Accepted As Marked
2013-02-07 16:52 eblake Relationship added related to 0000623
2019-06-10 08:55 agadmin Status Resolved => Closed

