为什么 malloc(0) 会导致 Windows 上的重大内存泄漏? [英] Why does malloc(0) cause a major memory leak on Windows?
问题描述
我刚刚结束了愉快的 4.5 小时调试系统中令人讨厌的泄漏.
I have just concluded a happy 4.5 hours of debugging a nasty leak in my system.
事实证明我是这样做的:
It turns out I was doing this:
params = allocate(sizeof(Something*) * num_params);
本质上是调用 malloc 并传入第一个参数.当 num_params 为 0 时,它会调用 malloc(0).
which in turns essentially calls malloc with the first argument passed in. When num_params is 0, it would call malloc(0).
循环运行,程序会很快占用大部分内存.我通过首先检查是否 num_params == 0 来修复它,如果是,则避免调用 allocate.
Running this in a loop, the program would very quickly take up most of the memory. I fixed it by first checking if num_params == 0, and if so avoiding the call to allocate.
我知道标准规定 malloc(0) 是实现定义的.那么,这是如何在 Windows 7 C 运行时库中实现的,为什么会导致泄漏?
I know that the Standard dictates malloc(0) is implementation-defined. So, how is this implemented in the Windows 7 C runtime library, and why does it cause a leak?
澄清问题 - 为什么 malloc(0) 在 Windows 上分配内存,以及指示将分配多少内存的逻辑是什么?
Clarifying the question - why does malloc(0) on Windows allocate memory, and what is the logic that dictates how much memory will be allocated?
推荐答案
malloc(0) 返回一个新的有效地址,因为这是它在 C 标准允许的选项中选择的选项.
malloc(0) returns a new valid address because that's the option it chose among those the C standard permits.
7.22.3 内存管理功能(重点是我的)
1 分配存储的顺序和连续性通过连续调用到aligned_alloc、calloc、malloc 和realloc 函数是未指定.分配成功返回的指针为适当对齐,以便可以将其分配给指向任何类型的指针具有基本对齐要求的对象,然后用于访问空间中的此类对象或此类对象的数组已分配(直到显式释放空间).的一生分配的对象从分配开始直到解除分配.每个这样的分配应产生一个指向对象与任何其他对象不相交.指针返回点到分配空间的开始(最低字节地址).如果无法分配空间,返回空指针.如果大小请求的空间为零,行为是实现定义:要么返回空指针,要么返回行为就像大小是某个非零值,除了返回的指针不得用于访问对象.
1 The order and contiguity of storage allocated by successive calls to the aligned_alloc, calloc, malloc, and realloc functions is unspecified. The pointer returned if the allocation succeeds is suitably aligned so that it may be assigned to a pointer to any type of object with a fundamental alignment requirement and then used to access such an object or an array of such objects in the space allocated (until the space is explicitly deallocated). The lifetime of an allocated object extends from the allocation until the deallocation. Each such allocation shall yield a pointer to an object disjoint from any other object. The pointer returned points to the start (lowest byte address) of the allocated space. If the space cannot be allocated, a null pointer is returned. If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.
windows 上的实现选择了第二种行为.因此它必须进行一些分配以确保需求紧接在之前出现.分配函数返回的每个有效指针都必须与分配函数返回的任何其他指针不相交.
The implementation on windows chooses the second behavior. And so it must do some allocation to ensure the requirement appearing immediately before. Each valid pointer returned by an allocation function must be disjoint from any other pointer returned by an allocation function.
相关阅读:
这篇关于为什么 malloc(0) 会导致 Windows 上的重大内存泄漏?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
