Wireshark-dev: Re: [Wireshark-dev] Memory corrupted
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 14 Mar 2012 13:51:40 -0700
On Mar 14, 2012, at 1:15 PM, Jakub Zawadzki wrote:

> On Wed, Mar 14, 2012 at 09:01:07PM +0100, Akos Vandra wrote:
>> Figured it out, however this is a bug in wireshark, I suppose.
>> A call to ep_alloc(0) was the culprit. IMHO that should not be a
>> problem, as I expect it to work as malloc works, and malloc should
>> handle a 0 size, as stated in the C standard.
> 
> In which way? It should return NULL (glib-like) or some not-NULL pointer (glibc-like)?
> AFAIR in C standard it's UB.

Implementation-defined behavior.

C90:

	If the size of the space requested is zero, the behavior is implementation-defined, the value returned shall be either a null pointer or a unique pointer.

C99:

	If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.

C99 makes it clearer that, as you note, you should *not* attempt to dereference the pointer.
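As an added illustration of the point above (example code, not part of this thread or of Wireshark's own ep_alloc implementation), the following C program probes which of the two behaviours the C standards permit for malloc(0) the running C library actually has, without ever dereferencing the returned pointer, and shows two hypothetical wrapper policies a code base can adopt so callers never have to care about the platform's choice. The names probe_malloc_zero, xmalloc_nonnull and checked_alloc are invented for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Result codes for probe_malloc_zero() (names invented for this example). */
enum zero_alloc_policy {
    ZERO_ALLOC_NULL = 0,    /* malloc(0) returns a null pointer              */
    ZERO_ALLOC_UNIQUE = 1,  /* malloc(0) returns distinct non-null pointers  */
    ZERO_ALLOC_OTHER = -1   /* inconsistent across calls, or non-null but    */
                            /* not unique: outside what C90/C99 describe     */
};

/* Probe which of the behaviours permitted by C90/C99 this C library has.
 * The pointers are only compared, never dereferenced: C99 says the pointer
 * from a zero-size request "shall not be used to access an object". */
enum zero_alloc_policy probe_malloc_zero(void)
{
    void *a = malloc(0);
    void *b = malloc(0);
    enum zero_alloc_policy result;

    if (a == NULL && b == NULL)
        result = ZERO_ALLOC_NULL;
    else if (a != NULL && b != NULL && a != b)
        result = ZERO_ALLOC_UNIQUE;
    else
        result = ZERO_ALLOC_OTHER;

    free(a);   /* free(NULL) is a no-op, so both outcomes are safe to free */
    free(b);
    return result;
}

/* Hypothetical wrapper with one fixed policy: a zero-byte request is rounded
 * up to one byte, so a NULL result always means the allocation failed and
 * callers need no platform-specific handling of size 0. */
void *xmalloc_nonnull(size_t n)
{
    if (n == 0)
        n = 1;
    return malloc(n);
}

/* Stricter alternative: treat a zero-byte request as a caller bug (the kind
 * of call reported at the top of this thread).  Returns 0 on success and -1
 * if n == 0 or the allocation failed; *out is NULL on any failure. */
int checked_alloc(size_t n, void **out)
{
    *out = NULL;
    if (n == 0)
        return -1;
    *out = malloc(n);
    return *out != NULL ? 0 : -1;
}

int main(void)
{
    enum zero_alloc_policy p = probe_malloc_zero();
    void *q;

    printf("malloc(0) on this platform: %s\n",
           p == ZERO_ALLOC_NULL   ? "null pointer" :
           p == ZERO_ALLOC_UNIQUE ? "unique non-null pointer" :
                                    "inconsistent or non-unique");

    q = xmalloc_nonnull(0);
    printf("xmalloc_nonnull(0) -> %s\n", q ? "non-NULL" : "NULL (out of memory)");
    free(q);

    printf("checked_alloc(0) -> %d (rejected)\n", checked_alloc(0, &q));
    return 0;
}
```

Which policy to pick is a design choice: rounding up to one byte keeps NULL reserved for out-of-memory and makes the unique-pointer case the only case, while rejecting size 0 outright surfaces the caller bug at the allocation site instead of wherever the pointer is later misused.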