View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000520 | 1003.1(2008)/Issue 7 | System Interfaces | public | 2011-11-29 14:15 | 2019-06-10 08:55 |
| Reporter | eblake | Assigned To | ajosey | ||
| Priority | normal | Severity | Objection | Type | Enhancement Request |
| Status | Closed | Resolution | Accepted As Marked | ||
| Name | Eric Blake | ||||
| Organization | Red Hat | ||||
| User Reference | ebb.posix_memalign | ||||
| Section | posix_memalign | ||||
| Page Number | 1418 | ||||
| Line Number | 46428 | ||||
| Interp Status | --- | ||||
| Final Accepted Text | See 0000520:0001184 | ||||
| Summary | 0000520: posix_memalign should not modify memptr on failure | ||||
| Description | The standard is currently silent on the contents of *memptr if posix_memalign( ) fails, however, in the implementations that I surveyed, the pointer was unchanged. Adding a requirement to enforce this behavior can simplify some coding styles. Currently, I have to use: void *ptr = NULL; ... //do some work, which might goto error if (posix_memalign(&ptr, align, size)) { ptr = NULL; goto error; } //do some more work, which might goto error ... error: free(ptr); //more cleanup; But if we guarantee that the pointer is unchanged on error, then the implementation can rely on the previous contents, and skip the (re-)assignment of NULL on error while still ensuring that the pointer can safely be passed to free( ) on all code paths. if (posix_memalign(&ptr, align, size)) goto error; This change is comparable to 0000467 on pipe( ). | ||||
| Desired Action | At line 46428 [XSH posix_memalign RETURN VALUE], change: otherwise, an error number shall be returned to indicate the error. to: otherwise, the contents of memptr shall be left unmodified and an error number shall be returned to indicate the error. | ||||
| Tags | tc2-2008 | ||||
| related to | 0000467 | Closed | ajosey | pipe should not modify fd on failure |
| related to | 0000483 | Closed | ajosey | socketpair should not modify socket_vector on failure |
| related to | 0000526 | Closed | ajosey | Adopt C99 wording for zero size calloc(), malloc() et al. |
| related to | 0000623 | Closed | ajosey | poll should not modify fds[i].fd and fds[i].events |
|
|
For reference, here is the program I used to test things (note that posix_memalign is a relatively new interface, so most platforms that I tried to test on still lacked it - but on GNU/Linux and FreeBSD, my results were consistent). $ cat foo.c #include <stdlib.h> #include <stdio.h> #include <errno.h> #include <stdint.h> #include <string.h> int main() { void *ptr = (void*) 2; printf("ptr=%p\n", ptr); int ret = posix_memalign(&ptr, 3, 3); printf("ptr=%p ret=%d errno=%d ", ptr, ret, errno); printf("%s\n", strerror(ret)); errno = 0; ret = posix_memalign(&ptr, 1024, SIZE_MAX - 2); printf("ptr=%p ret=%d errno=%d ", ptr, ret, errno); printf("%s\n", strerror(ret)); return 0; } $ ./foo ptr=0x2 ptr=0x2 ret=22 errno=0 Invalid argument ptr=0x2 ret=12 errno=12 Cannot allocate memory |
|
|
On Solaris, ptr is always NULL in case of a failure. .... error = ENOMEM; *memptr = ptr; return (error); } The return above is the only return from the function. |
|
|
Given the behaviour on Solaris, I am reopening this bug. Since the point of the requested change was to ensure that if ptr is set to null before a failed call, it will still be null afterwards, and since Solaris explicitly sets it to null, the desired coding style will still work on Solaris. The standard should allow either behaviour. Revised proposal: At line 46428 [XSH posix_memalign RETURN VALUE], change: otherwise, an error number shall be returned to indicate the error. to: otherwise, an error number shall be returned to indicate the error and the contents of memptr shall either be left unmodified or be set to a null pointer. On line 46436 change the EXAMPLES section from: None to: The following example shows how applications can obtain consistent behavior on error by setting *memptr to be a null pointer before calling posix_memalign(). void *ptr = NULL; ... //do some work, which might goto error if (posix_memalign(&ptr, align, size)) goto error; //do some more work, which might goto error ... error: free(ptr); //more cleanup; |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-11-29 14:15 | eblake | New Issue | |
| 2011-11-29 14:15 | eblake | Status | New => Under Review |
| 2011-11-29 14:15 | eblake | Assigned To | => ajosey |
| 2011-11-29 14:15 | eblake | Name | => Eric Blake |
| 2011-11-29 14:15 | eblake | Organization | => Red Hat |
| 2011-11-29 14:15 | eblake | User Reference | => ebb.posix_memalign |
| 2011-11-29 14:15 | eblake | Section | => posix_memalign |
| 2011-11-29 14:15 | eblake | Page Number | => 1418 |
| 2011-11-29 14:15 | eblake | Line Number | => 46428 |
| 2011-11-29 14:15 | eblake | Interp Status | => --- |
| 2011-11-29 14:16 | eblake | Relationship added | related to 0000467 |
| 2011-11-29 14:16 | eblake | Relationship added | related to 0000483 |
| 2011-12-12 10:28 | geoffclare | Relationship added | related to 0000526 |
| 2012-03-29 16:07 | Don Cragun | Status | Under Review => Resolved |
| 2012-03-29 16:07 | Don Cragun | Resolution | Open => Accepted |
| 2012-03-29 16:07 | Don Cragun | Tag Attached: tc2-2008 | |
| 2012-03-29 20:58 | eblake | Note Added: 0001178 | |
| 2012-03-30 16:14 | joerg | Note Added: 0001181 | |
| 2012-04-02 08:48 | geoffclare | Note Added: 0001184 | |
| 2012-04-02 08:48 | geoffclare | Status | Resolved => Under Review |
| 2012-04-02 08:48 | geoffclare | Resolution | Accepted => Reopened |
| 2012-04-05 15:23 | Don Cragun | Final Accepted Text | => See 0000520:0001184 |
| 2012-04-05 15:23 | Don Cragun | Status | Under Review => Resolved |
| 2012-04-05 15:23 | Don Cragun | Resolution | Reopened => Accepted As Marked |
| 2013-02-07 16:52 | eblake | Relationship added | related to 0000623 |
| 2019-06-10 08:55 | agadmin | Status | Resolved => Closed |
