reasons why malloc fails?
Every process in Windows NT has one heap called the default heap. The Win32 subsystem uses the default heap for all global and local memory management functions, and the C run-time library uses the default heap for supporting malloc functions.
malloc can fail as it can't allocate memory bigger than the default heap. Not all system memory is available to malloc.
In MS-Windows the default heap is not static -- the OS will expand it as needed. But since malloc() takes a size_t integer as the parameter, the largest amount of memory malloc can allocate at one time is the largest value that can be stored in the size_t integer (see limits.h). And yes, all the computer's available and unused memory can be used by malloc with the previously mentioned restriction.
malloc() normally fails today for one of two reasons: (1) an attempt to allocate more memory than is available, or (2) memory has been previously trashed (most common reason), such as by buffer overflows and using uninitialized pointers (although there are a whole host of other causes).
> will someone point me the reasons why a call to malloc fails even if we have enough memory ?
My guess is you're still using crusty old TurboC which is limited to 640K no matter how many GB of memory you have on your pentium powered, XP hosted machine.
"Hello, yes I'd like to buy a Ferrari please"
"Certainly sir, will you be wanting to replace the engine with an elastic band?"
>Can any one explain what exactly happens when there
>is a buffer over flow and how does it affect malloc.
No, because that's an implementation detail. It depends on how malloc works for your system as well as what you're doing in your code. Post your code that fails (preferably a small example that still fails) and I can describe what you're doing wrong and speculate about what's happening behind the scenes.
New members chased away this month: 5
One buffer is defined as "char buf[1001]" and "buf" is assigned with 1000 characters.
Later inside the code I am doing the following..
```c
char *name, *temp;
name = (char *)malloc(500);
strcpy(name, buf);
temp = (char *)malloc(sizeof(char));
```
In this piece of code, name is allocated with 500 bytes and 1000 bytes are copied into this memory, resulting in a buffer overflow. Due to this, malloc at the "temp = (char *)malloc(sizeof(char));" instruction is failing. I am trying to understand how this buffer overflow is causing a problem to malloc even though there is sufficient memory available.
>I am trying to understand how this buffer overflow is causing a problem
>to malloc even though there is a sufficient memory is available.
It's not about there being sufficient memory. If you've corrupted the memory manager's housekeeping data, it can't properly do its job. A buffer overflow can easily cause that kind of corruption.
New members chased away this month: 5
Your heap is divided into segments; you can have a maximum of 64 segments, and each segment is divided into blocks. The blocks are the actual memory you allocate.
The first heap block is an allocation of 8 bytes. This block is also a free block.
The second heap block that follows it is an allocation of 16 bytes. This block is not free.
So in a heap block, the first 8 bytes are the heap header. In my case 02 00 03 00 03 00 00 00 is the heap header of the first block and
03 00 02 00 03 01 0c 00 is the heap header of the second heap block.
The first four bytes are the size of a heap block. Once you run your code you actually corrupt the next heap block. You just overwrite the size. This does not affect the functioning of malloc but it corrupts the memory; once you try to access that memory you can expect a crash due to an access denied error!
```
 _______________________________________________________________________________________________________________________
|<--------------------------------------------------- HEAP SEGMENT ---------------------------------------------------->
|<------------------- HEAP BLOCK -------------->|<------------------------------ HEAP BLOCK --------------------------->
|<------- header ------>|<----- user data ----->|<------- header ------>|<----------------- user data ----------------->
|s- -- p- -- s- f- u- t- d- d- d- d- d- d- d- d- s- -- p- -- s- f- u- t- d- d- d- d- d- d- d- d- d- d- d- d- d- d- d- d-
|02 00 03 00 03 00 00 00 88 01 07 00 00 fa 0d 0c 03 00 02 00 03 01 0c 00 08 37 e2 7c 48 5e 77 05 01 00 00 00 00 00 00 00
| 0002  0003  0003  0000  0188  0007  fa00  0c0d  0003  0002  0103  000c  3708  7ce2  5e48  0577  0001  0000  0000  0000
|  00030002    00000003    00070188    0c0dfa00    00020003    000c0103    7ce23708    05775e48    00000001    00000000
|
|00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17
|00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27
|<------- header ------>|<----- user data ----->|<------- header ------>|<----------------- user data ----------------->
|_______________________________________________________________________________________________________________________
```
I know I am. Therefore I am.
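An added example, not part of any post in this thread: a toy allocator with 8-byte in-band block headers, run through the thread's `malloc(500)` followed by a 1000-character copy, showing the copy overwriting the next block's header so the following allocation fails, next to a bounded copy that leaves the header intact. The names `toy_init`, `toy_malloc`, `scenario` and the arena layout are assumptions made for this sketch; it models neither the Windows heap nor any real `malloc`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy first-fit allocator with in-band headers; a constructed model, not a real malloc. */
#define ARENA_SIZE 4096
typedef struct { uint32_t size; uint32_t used; } hdr_t;  /* 8-byte block header */
static unsigned char arena[ARENA_SIZE];

void toy_init(void) {
    hdr_t h = { ARENA_SIZE - (uint32_t)sizeof(hdr_t), 0 };  /* one big free block */
    memset(arena, 0, sizeof arena);
    memcpy(arena, &h, sizeof h);
}

/* Returns NULL when nothing fits or when a header met on the walk is implausible. */
void *toy_malloc(uint32_t n) {
    size_t off = 0;
    while (off + sizeof(hdr_t) <= ARENA_SIZE) {
        hdr_t h;
        memcpy(&h, arena + off, sizeof h);
        if (h.used > 1 || h.size > ARENA_SIZE - off - sizeof h)
            return NULL;                        /* corrupted housekeeping data */
        if (!h.used && h.size >= sizeof(hdr_t) && h.size - sizeof(hdr_t) >= n) {
            hdr_t rest = { h.size - n - (uint32_t)sizeof(hdr_t), 0 };
            memcpy(arena + off + sizeof h + n, &rest, sizeof rest);  /* free remainder */
            h.size = n; h.used = 1;
            memcpy(arena + off, &h, sizeof h);
            return arena + off + sizeof h;
        }
        off += sizeof h + h.size;               /* step to the next block header */
    }
    return NULL;
}

/* The thread's sequence: 1 if the allocation after the copy succeeds, 0 if it fails. */
int scenario(int bounded) {
    char buf[1001] = {0}; memset(buf, 'A', 1000);   /* constructed 1000-char input */
    toy_init();
    char *name = toy_malloc(500);
    if (!name) return -1;
    /* Unbounded: the 1001 bytes strcpy(name, buf) would write. Bounded: 499 + NUL. */
    memcpy(name, buf, bounded ? 499 : sizeof buf);
    if (bounded) name[499] = '\0';
    return toy_malloc(sizeof(char)) != NULL;
}

int main(void) {
    printf("overflowing copy: %d, bounded copy: %d\n", scenario(0), scenario(1));
}
```

A real allocator handed the same corruption may return NULL, crash, or abort, depending on the implementation.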






