View Issue Details

ID: 0000520
Project: 1003.1(2008)/Issue 7
Category: System Interfaces
View Status: public
Last Update: 2019-06-10 08:55
Reporter: eblake
Assigned To: ajosey
Priority: normal
Severity: Objection
Type: Enhancement Request
Status: Closed
Resolution: Accepted As Marked
Name: Eric Blake
Organization: Red Hat
User Reference: ebb.posix_memalign
Section: posix_memalign
Page Number: 1418
Line Number: 46428
Interp Status: ---
Final Accepted Text: See 0000520:0001184
Summary: 0000520: posix_memalign should not modify memptr on failure
Description: The standard is currently silent on the contents of *memptr if
posix_memalign( ) fails; however, in the implementations that I
surveyed, the pointer was unchanged. Adding a requirement to
enforce this behavior can simplify some coding styles. Currently,
I have to use:

void *ptr = NULL;
...
//do some work, which might goto error
if (posix_memalign(&ptr, align, size)) {
  ptr = NULL;
  goto error;
}
//do some more work, which might goto error
...
error:
  free(ptr);
  //more cleanup;

But if we guarantee that the pointer is unchanged on error, then the
implementation can rely on the previous contents, and skip the
(re-)assignment of NULL on error while still ensuring that the
pointer can safely be passed to free( ) on all code paths.

if (posix_memalign(&ptr, align, size))
  goto error;

This change is comparable to 0000467 on pipe( ).
Desired Action: At line 46428 [XSH posix_memalign RETURN VALUE], change:

otherwise, an error number shall be returned to indicate the error.

to:

otherwise, the contents of memptr shall be left unmodified and an
error number shall be returned to indicate the error.
Tags: tc2-2008

Relationships

related to 0000467 Closed ajosey pipe should not modify fd on failure
related to 0000483 Closed ajosey socketpair should not modify socket_vector on failure
related to 0000526 Closed ajosey Adopt C99 wording for zero size calloc(), malloc() et al.
related to 0000623 Closed ajosey poll should not modify fds[i].fd and fds[i].events

Activities

eblake

2012-03-29 20:58

manager   bugnote:0001178

For reference, here is the program I used to test things (note that
posix_memalign is a relatively new interface, so most platforms that
I tried to test on still lacked it - but on GNU/Linux and FreeBSD, my
results were consistent).

$ cat foo.c
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <stdint.h>
#include <string.h>
int main() {
    void *ptr = (void*) 2;
    printf("ptr=%p\n", ptr);
    int ret = posix_memalign(&ptr, 3, 3);
    printf("ptr=%p ret=%d errno=%d ", ptr, ret, errno);
    printf("%s\n", strerror(ret));
    errno = 0;
    ret = posix_memalign(&ptr, 1024, SIZE_MAX - 2);
    printf("ptr=%p ret=%d errno=%d ", ptr, ret, errno);
    printf("%s\n", strerror(ret));
    return 0;
}
$ ./foo
ptr=0x2
ptr=0x2 ret=22 errno=0 Invalid argument
ptr=0x2 ret=12 errno=12 Cannot allocate memory

joerg

2012-03-30 16:14

reporter   bugnote:0001181

On Solaris, ptr is always NULL in case of a failure.

....
                error = ENOMEM;

        *memptr = ptr;
        return (error);
}

The return above is the only return from the function.

geoffclare

2012-04-02 08:48

manager   bugnote:0001184

Given the behaviour on Solaris, I am reopening this bug.

Since the point of the requested change was to ensure that
if ptr is set to null before a failed call, it will still be
null afterwards, and since Solaris explicitly sets it to null,
the desired coding style will still work on Solaris. The
standard should allow either behaviour.

Revised proposal:

At line 46428 [XSH posix_memalign RETURN VALUE], change:

otherwise, an error number shall be returned to indicate the error.

to:

otherwise, an error number shall be returned to indicate the error
and the contents of memptr shall either be left unmodified or be
set to a null pointer.

On line 46436 change the EXAMPLES section from:

None

to:

The following example shows how applications can obtain consistent
behavior on error by setting *memptr to be a null pointer before
calling posix_memalign().

void *ptr = NULL;
...
//do some work, which might goto error
if (posix_memalign(&ptr, align, size))
  goto error;

//do some more work, which might goto error
...
error:
  free(ptr);
  //more cleanup;
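
Added example, not part of the issue thread or of any implementation quoted in it: under the accepted wording a failed call may leave *memptr unmodified or set it to a null pointer, so a pointer that was not NULL beforehand cannot be relied on to keep its value. The sketch below shows the NULL-initialised cleanup pattern from the notes next to a wrapper that publishes the result only on success. The names memalign_keep and build_buffer and the sentinel value are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper (not from the issue): allocate into a local and
 * publish to *out only on success, so *out is untouched on failure on
 * every implementation, including ones that store a null pointer. */
static int memalign_keep(void **out, size_t align, size_t size)
{
    void *tmp = NULL;
    int rc = posix_memalign(&tmp, align, size);
    if (rc == 0)
        *out = tmp;
    return rc;
}

/* Cleanup-label pattern from the issue: ptr starts as NULL, so after a
 * failed call it is NULL under either permitted behaviour and free(ptr)
 * is a no-op rather than an invalid free. Returns the error number. */
static int build_buffer(size_t align, size_t size)
{
    void *ptr = NULL;
    int rc = posix_memalign(&ptr, align, size);
    if (rc)
        goto error;
    ((unsigned char *)ptr)[0] = 0;   /* use the buffer */
error:
    free(ptr);
    return rc;
}

int main(void)
{
    void *p = (void *)2;  /* constructed sentinel, as in the test program */
    int rc = memalign_keep(&p, 3, 3);   /* 3 is not a valid alignment */
    printf("wrapper: rc=%d p=%p\n", rc, p);
    printf("pattern: rc=%d\n", build_buffer(3, 3));
    printf("pattern: rc=%d\n", build_buffer(64, 256));
    return 0;
}
```

The wrapper matters only when the caller's pointer holds something other than NULL before the call, for example an existing buffer that is being replaced.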

Issue History

Date Modified Username Field Change
2011-11-29 14:15 eblake New Issue
2011-11-29 14:15 eblake Status New => Under Review
2011-11-29 14:15 eblake Assigned To => ajosey
2011-11-29 14:15 eblake Name => Eric Blake
2011-11-29 14:15 eblake Organization => Red Hat
2011-11-29 14:15 eblake User Reference => ebb.posix_memalign
2011-11-29 14:15 eblake Section => posix_memalign
2011-11-29 14:15 eblake Page Number => 1418
2011-11-29 14:15 eblake Line Number => 46428
2011-11-29 14:15 eblake Interp Status => ---
2011-11-29 14:16 eblake Relationship added related to 0000467
2011-11-29 14:16 eblake Relationship added related to 0000483
2011-12-12 10:28 geoffclare Relationship added related to 0000526
2012-03-29 16:07 Don Cragun Status Under Review => Resolved
2012-03-29 16:07 Don Cragun Resolution Open => Accepted
2012-03-29 16:07 Don Cragun Tag Attached: tc2-2008
2012-03-29 20:58 eblake Note Added: 0001178
2012-03-30 16:14 joerg Note Added: 0001181
2012-04-02 08:48 geoffclare Note Added: 0001184
2012-04-02 08:48 geoffclare Status Resolved => Under Review
2012-04-02 08:48 geoffclare Resolution Accepted => Reopened
2012-04-05 15:23 Don Cragun Final Accepted Text => See 0000520:0001184
2012-04-05 15:23 Don Cragun Status Under Review => Resolved
2012-04-05 15:23 Don Cragun Resolution Reopened => Accepted As Marked
2013-02-07 16:52 eblake Relationship added related to 0000623
2019-06-10 08:55 agadmin Status Resolved => Closed