Bug 15708 - malloc(0) is not undefined behaviour
Status: NEW
Alias: None
Product: clang
Classification: Unclassified
Component: Static Analyzer
Version: unspecified
Hardware: PC FreeBSD
Importance: P normal
Assignee: Ted Kremenek
Reported: 2013-04-08 23:28 PDT by Colin Percival
Modified: 2016-07-18 10:28 PDT
Description Colin Percival 2013-04-08 23:28:58 PDT
When encountering a possible malloc(0), the clang analyzer reports an "Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131)" bug.  This text is wrong, since malloc(0) is not *undefined*; rather, it is *implementation-defined*.

A global s/Undefined allocation/Implementation-defined allocation/ in the clang-analyzer source code should fix this.
Comment 1 michael 2016-03-28 12:24:34 PDT
Not only is malloc(0) not undefined behaviour, the two alternatives offered for implementation dependent behaviour (NULL or some other value that can safely be passed to free) are enough to fully define the behaviour of malloc(0).  The only caveats are:

1. It's implementation defined whether the caller can test for NULL when checking for failure.

2. It would seem the meaning of realloc(malloc(0), size) might be implementation defined.

In brief, although calling malloc(0) might be a precondition for one of these two errors, in itself it is *not* a defect or a sign of a defect.  This warning is itself in error.
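
An added example, not part of the original bug report or of clang's code: one way to write allocation code that is correct under both implementation-defined outcomes of malloc(0) discussed above (a NULL return, or a unique pointer that can be passed to free). The helper names alloc_checked, resize_checked and demo are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: allocate n bytes; returns 0 on success, -1 on failure.
 * A NULL result counts as failure only when n != 0, because malloc(0) may
 * return either NULL or a unique pointer that free() accepts. */
int alloc_checked(size_t n, void **out)
{
    void *p = malloc(n);
    if (p == NULL && n != 0)
        return -1;
    *out = p;            /* may be NULL when n == 0; never dereference it */
    return 0;
}

/* Hypothetical helper: resize a buffer without calling realloc(p, 0) and
 * without depending on which value malloc(0) returned earlier. */
int resize_checked(void **buf, size_t n)
{
    if (n == 0) {
        free(*buf);      /* valid for NULL and for a malloc(0) pointer */
        *buf = NULL;
        return 0;
    }
    void *p = realloc(*buf, n);   /* realloc(NULL, n) acts like malloc(n) */
    if (p == NULL)
        return -1;       /* on failure the old *buf is still valid */
    *buf = p;
    return 0;
}

/* Zero-size allocation, grow to 16 bytes, shrink back to zero.
 * Returns 0 when every step behaves as expected. */
int demo(void)
{
    void *buf = NULL;
    if (alloc_checked(0, &buf) != 0) return 1;
    if (resize_checked(&buf, 16) != 0) return 2;
    memset(buf, 0xAB, 16);
    if (((unsigned char *)buf)[15] != 0xAB) return 3;
    if (resize_checked(&buf, 0) != 0 || buf != NULL) return 4;
    return 0;
}
```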