On Wed, Apr 29, 2015 at 8:04 PM, James K. Lowden <jklowden at schemamania.org> wrote:
> On Wed, 29 Apr 2015 02:39:50 -0600 > Scott Robison <scott at casaderobison.com> wrote: > > > On linux, malloc may return a non null yet invalid pointer and only > > fail when the memory is accessed because it wasn't really available. > > Citation needed. I believe SIGSEGV is possible with anonymous mmap and > overcommitted memory. ISTR I've read as much. But I was unable to > find a definitive reference saying as much when I looked for one in > answering this message. > > It's not quite accurate to say the pointer is "invalid". It's valid; > it just refers to memory the system may not be able to supply when > committed_memory > memory. > 1. From http://linux.die.net/man/3/malloc By default, Linux follows an optimistic memory allocation strategy. This > means that when *malloc*() returns non-NULL there is no guarantee that > the memory really is available. In case it turns out that the system is out > of memory, one or more processes will be killed by the OOM killer. For more > information, see the description of*/proc/sys/vm/overcommit_memory* and > */proc/sys/vm/oom_adj* in *proc <http://linux.die.net/man/5/proc>*(5), > and the Linux kernel source file *Documentation/vm/overcommit-accounting*. 2. From ISO/IEC 9899 1990 7.10.3.3 Synopsis Description > The malloc function allocates space for an object whose size is specified > by size and > whose value is indeterminate. > Returns > The malloc function returns either a null pointer or a pointer to the > allocated space. 3. The following code should never cause an error per the relevant standards: char* p = malloc(1); if (p) *p = 'x'; That code can fail on a system configured to overcommit memory. By that standard, the pointer is invalid. -- Scott Robison