Bug 693001 - realloc and standards conformance
Summary: realloc and standards conformance
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: glibc
Version: 6.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jeff Law
QA Contact: qe-baseos-tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-04-01 23:00 UTC by Eric Blake
Modified: 2016-11-24 15:53 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-06 18:31:32 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Sourceware 12547 0 None None None 2019-05-22 00:50:25 UTC

Description Eric Blake 2011-04-01 23:00:25 UTC
Description of problem:
Right now, there is a huge debate going on between the WG14 working group (C99/C1x), Austin Group (POSIX 2008), and glibc implementers on the correct semantics of realloc(ptr,0).
http://austingroupbugs.net/view.php?id=400
http://sourceware.org/bugzilla/show_bug.cgi?id=12547

If Red Hat intends to comply with C1x or POSIX certification, then glibc _must_ provide a mode where realloc(ptr,0) complies with the standard.  However, in the current state of the debate, it looks like the C committee is at loggerheads with the glibc implementers (C claims that realloc(ptr,0) returning NULL is an error indication, hence ptr is still valid (this happens to match BSD semantics); glibc claims that realloc(ptr,0) returning NULL is a successful call to free(ptr)); worse, the conflict is extremely dangerous to ALL programs:

If code is written assuming glibc semantics but run on a system with the argued C semantics, you have a memory leak (either ptr, or the new non-NULL return value that the code was not expecting, will be leaked).  If code is written assuming C1x semantics but run on a system with the argued glibc semantics, you have a double free (realloc freed ptr, but because it returned NULL and the program assumes ptr is still valid, the program frees ptr again).  Either way, an application loses if _ANY_ standards document requires exactly one behavior rather than documenting both historical behaviors and warning applications of the portability pitfalls if they are not aware of both behaviors.

Can Red Hat please step up its involvement with WG14 to request that the C1x ballot be changed to support glibc's current implementation (effectively by recommending that realloc(ptr,0) be given implementation-defined semantics and effectively be labeled non-portable in practice) rather than hard-lining their current interpretation that realloc(ptr,0) must not return NULL if it freed ptr?

Comment 2 RHEL Program Management 2011-04-04 02:08:18 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 5 Jeff Law 2012-02-06 18:31:32 UTC
AFAICT, the final wording stated that realloc (ptr, 0) is implementation defined which (at least for now) blesses glibc's behaviour.  However, long term the committee states they're considering changing the language to further clarify behaviour in this situation.

It's not ideal, but reasonable given the overall situation.


Note You need to log in before you can comment on or make changes to this bug.