malloc/calloc return value NULL check
Thomas Stüfe
thomas.stuefe at gmail.com
Fri Jul 11 16:19:22 UTC 2025
Absolutely, yes.
The larger the allocated size, the more important. The Linux kernel, by
default, only protects a small area against NULL accesses; depending on
distro, 4KB or 64 (?) KB. And the JVM, at various places, allocates in
low-area ranges. So accessing NULL+<large offset> can actually land you at
a valid unrelated address instead of faulting.
/Thomas
On Fri, Jul 11, 2025 at 2:57 PM Baesken, Matthias <matthias.baesken at sap.com>
wrote:
> Hi, when playing around with the GCC static analyzer
> (https://developers.redhat.com/articles/2022/04/12/state-static-analysis-gcc-12-compiler)
> I noticed a lot of complaints about missing NULL checks of malloc/calloc
> return values in the code base.
>
> While we check these return values for NULL at a lot of places in the
> codebase, it is not done always.
>
> Should we do it always (except 3rd party code probably where we do not
> want to have large diffs to upstream)?
>
> Or is it considered not important enough to do it always?
>
> Best regards, Matthias
>
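Added example, not from the thread or from the JDK code base: a checked allocation pattern for the case described in the reply above, where an index into a large table turns an unchecked NULL into an access far above the guarded low range. It assumes Linux, where the lowest mappable address is exposed in `/proc/sys/vm/mmap_min_addr`; `set_slot`, `failing_calloc`, `null_deref_faults` and `read_mmap_min_addr` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Allocator signature, so a failing allocator can be injected (hypothetical). */
typedef void *(*calloc_fn)(size_t nmemb, size_t size);

/* Simulated out-of-memory allocator, constructed for this example. */
static void *failing_calloc(size_t nmemb, size_t size) {
    (void)nmemb; (void)size; return NULL;
}

/* Lowest address user space may map on this Linux host, or 0 if unreadable. */
static unsigned long read_mmap_min_addr(void) {
    unsigned long v = 0;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (f == NULL) return 0;
    if (fscanf(f, "%lu", &v) != 1) v = 0;
    fclose(f);
    return v;
}

/* 1 if an access at NULL+offset lies inside the guarded low range. */
static int null_deref_faults(size_t offset, unsigned long guard) {
    return offset < guard;
}

/* Allocate a zeroed table and set one slot; returns -1 instead of
 * writing through a NULL base when the index or the allocation is bad. */
static int set_slot(calloc_fn alloc, size_t nslots, size_t index,
                    uint64_t value, uint64_t **out) {
    if (index >= nslots) return -1;
    uint64_t *table = alloc(nslots, sizeof *table);
    if (table == NULL) return -1; /* unchecked, table[index] targets address index*8 */
    table[index] = value;
    *out = table;
    return 0;
}

int main(void) {
    unsigned long guard = read_mmap_min_addr();
    size_t index = (size_t)1 << 20;          /* byte offset 8 MiB */
    uint64_t *t = NULL;
    printf("mmap_min_addr=%lu, NULL+%zu inside guard: %d\n", guard,
           index * sizeof *t, null_deref_faults(index * sizeof *t, guard));
    printf("simulated OOM -> %d\n", set_slot(failing_calloc, index + 1, index, 42, &t));
    return 0;
}
```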
More information about the build-dev
mailing list