Date:      Thu, 24 Jul 2003 16:49:34 +1000
From:      Andrew Reilly <areilly@bigpond.net.au>
To:        Mike Tancsa <mike@sentex.net>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: malloc does not return null when out of memory
Message-ID:  <3F1F817E.7040504@bigpond.net.au>
In-Reply-To: <5.2.0.9.0.20030723234250.052821e8@192.168.0.12>
References:  <20030723173427.GA72876@vmunix.com> <20030723173427.GA72876@vmunix.com> <5.2.0.9.0.20030723234250.052821e8@192.168.0.12>

Mike Tancsa wrote:

> At 08:15 PM 7/23/2003 -0700, Kris Kennaway wrote:
>
>> On Wed, Jul 23, 2003 at 01:34:27PM -0400, Gabor wrote:
>>
>> > Here is the tail end of the output.  It dies when trying to poke at
>> > the memory using memset.  If I just malloc without the memset, it
>> > never even dies.
>>
>> Ah, the annual "memory overcommit" thread.  I thought we were overdue
>> for one.
>
> But why does the man page for malloc (3) say,
>
>     If malloc() fails, a NULL pointer is returned.


Because that's what happens.  See the subthread with the ulimit examples.

In the cases being cited, the malloc itself is not failing, because it
is able to return a pointer to a chunk of *VM*.  The problem occurs
later, when the program attempts to read or write to that memory, and it
doesn't occur because malloc was wrong, but because no other process has
exited or unmapped something in the meantime, to free up a page to back
that address space.

--
Andrew
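An added C example (not from the thread) that measures the behaviour Andrew describes: the allocator hands back address space, and mincore(2) shows the pages only become resident once memset touches them. It assumes a Linux or FreeBSD host, uses posix_memalign so the region is page-aligned as mincore requires, and the size of 16 MiB is an arbitrary choice.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Count how many pages of [addr, addr+len) are currently backed by physical
 * memory. addr must be page-aligned. Returns -1 on error. */
static long resident_pages(void *addr, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    size_t npages = (len + (size_t)page - 1) / (size_t)page;
    unsigned char *vec = malloc(npages);
    if (vec == NULL) return -1;
    if (mincore(addr, len, (void *)vec) != 0) { free(vec); return -1; }
    long resident = 0;
    for (size_t i = 0; i < npages; i++)
        resident += vec[i] & 1;   /* low bit: page is resident */
    free(vec);
    return resident;
}

struct commit_probe { long npages; long before; long after; };

/* Allocate `bytes` of page-aligned heap, count backed pages right after the
 * allocation and again after every byte has been written. Returns 0 on
 * success, -1 if the allocation itself failed (the NULL return malloc(3)
 * documents) or the measurement failed. */
int probe_commit(size_t bytes, struct commit_probe *out) {
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (posix_memalign(&p, (size_t)page, bytes) != 0 || p == NULL)
        return -1;                /* the documented failure path: no VM left */
    out->npages = (long)((bytes + (size_t)page - 1) / (size_t)page);
    out->before = resident_pages(p, bytes);   /* VM reserved, nothing backed yet */
    memset(p, 0xA5, bytes);       /* first touch: kernel must now find real pages */
    out->after = resident_pages(p, bytes);
    free(p);
    return (out->before < 0 || out->after < 0) ? -1 : 0;
}

int main(void) {
    struct commit_probe r;
    if (probe_commit(16u << 20, &r) != 0) { perror("probe_commit"); return 1; }
    printf("pages: %ld, resident after malloc: %ld, after memset: %ld\n",
           r.npages, r.before, r.after);
    return 0;
}
```

The gap between the two counts is the memory that malloc never checked for; a process killed while in memset died on that second step, not on the allocation.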



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F1F817E.7040504>