Bug 615379 – g_new macros crash if sizeof(struct_type) == 0

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 615379 - g_new macros crash if sizeof(struct_type) == 0


Summary:	g_new macros crash if sizeof(struct_type) == 0


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	general
Version:	2.24.x
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-04-10 18:18 UTC by Jim Evins
Modified:	2012-01-10 15:28 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Jim Evins 2010-04-10 18:18:59 UTC

The new version of the g_new family of macros will crash with a floating point exception if sizeof(struct_type) == 0.  Previous versions would safely return a NULL.

Comment 1 Tor Lillqvist 2010-04-10 20:52:45 UTC

Isn't a struct type with size zero an impossible non-standard abomination anyway? (And when I say non-standard, I mean non-C89.)

Comment 2 Jim Evins 2010-04-10 21:34:44 UTC

I cannot cite whether or not it violates standard, but it is possible with GCC.  You may end up with an empty structure because all your fields happen to be #ifdef'ed out.  In my case, I followed a common pattern for my objects whether they had private data or not.  Neither may be a good idea, but the problem is that code that worked before now crashes.

Comment 3 Behdad Esfahbod 2010-04-22 23:48:13 UTC

diff --git a/glib/gmem.h b/glib/gmem.h
index 2fef766..54f153b 100644
--- a/glib/gmem.h
+++ b/glib/gmem.h
@@ -88,7 +88,7 @@ gpointer g_try_realloc_n  (gpointer    mem,
          if (__s == 1)                 \
            __p = g_##func (__n);                               \
          else if (__builtin_constant_p (__n) &&                \
-                  __n <= G_MAXSIZE / __s)                      \
+                  (__s == 0 || __n <= G_MAXSIZE / __s))        \
            __p = g_##func (__n * __s);                         \
          else                                                  \
            __p = g_##func##_n (__n, __s);                      \
@@ -102,7 +102,7 @@ gpointer g_try_realloc_n  (gpointer  mem,
          if (__s == 1)                                         \
            __p = g_##func (__p, __n);                          \
          else if (__builtin_constant_p (__n) &&                \
-                  __n <= G_MAXSIZE / __s)                      \
+                  (__s == 0 || __n <= G_MAXSIZE / __s))        \
            __p = g_##func (__p, __n * __s);                    \
          else                                                  \
            __p = g_##func##_n (__p, __n, __s);                 \

Comment 4 Behdad Esfahbod 2010-04-22 23:49:15 UTC

Committed to master.

Comment 5 Patrick Welche 2012-01-10 15:28:27 UTC

Comment 1 seems to preempt Bug 641350