Posted Aug 12, 2005 6:21 UTC (Fri) by chad.netzer
(✭ supporter ✭
In reply to: calloc idiocy
Parent article: kzalloc()
You, of course, meant to say "malloc(4 * sizeof(t))", but we get your point.
However, what happens when n * sizeof(t) is greater than size_t? Then the request can succeed, due to overflow making a small number out of a very large number. You get a pointer to the memory you requested, but you got a much smaller amount than you expected. calloc() detects these errors and returns NULL.
Of course, you may expect that these cases are rare, and modern OSes will simply memory fault when accessing unallocated memory. However, on embedded systems, or kernel code, such memory protection may not exist, and this error can be much more problematic. If a user can somehow trick the system into generating this allocation (ie. without checking every array memory request that a user might be able to influence for overflow), you have a potential security bug. calloc() does exactly that, so it has its uses.
See this lkml post for more info:
to post comments)