Subject: standards/1806: realloc() does not appear to free correctly.
To: None <gnats-bugs@gnats.netbsd.org>
From: Peter Seebach <seebs@taniemarie.solon.com>
List: netbsd-bugs
Date: 12/03/1995 03:47:38
>Number: 1806
>Category: standards
>Synopsis: realloc(ptr, 0) does not appear to behave correctly
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Dec 3 05:05:00 1995
>Last-Modified:
>Originator: Peter Seebach
>Organization:
Usenet Fact Police (Undercover)
>Release: November 20 or so
>Environment:
System: NetBSD taniemarie 1.1 NetBSD 1.1 (SEEBS) #3: Tue Nov 28 18:59:30 CST 1995 seebs@taniemarie:/usr/src/sys/arch/amiga/compile/SEEBS amiga
>Description:
realloc(ptr, 0) is documented as freeing the given pointer. It
does not appear to do so correctly; in any event, repeated
realloc'ing produces a memory leak. The code shows no signs of
checking to see if the desired space is 0.
Arguably, it should also return NULL for such arguments; after all,
it returns NULL, or a pointer to the allocated space. Since
no space is allocated, there is no allocated space to return a
pointer to. The only pointer available which points to no object
is the null pointer. :)
This is a standards bug, because ANSI asserts that realloc(ptr, 0)
will simply free ptr, and also a practical bug; it is a memory
leak, if the user (correctly) chooses to ignore the return of
realloc, which can be a "valid" pointer to 0 bytes of memory.
(Which is also what you get from malloc(0). Which is legitimate.)
>How-To-Repeat:
Allocate space. realloc() it to 0 bytes. Repeat. Watch your
process size.
>Fix:
Presumably, realloc(ptr, 0) should just call free(ptr) and return
a NULL, just as realloc(NULL, size) just acts like a malloc.
>Audit-Trail:
>Unformatted:
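
The How-To-Repeat loop from the report above, as an added example that is not part of the original report and is not NetBSD's libc code. The two wrappers (realloc_no_zero_check, realloc_zero_frees) and the live_blocks counter are hypothetical names that model the reported behaviour and the proposed fix so the leak can be counted instead of inferred from process size.

```c
#include <stdio.h>
#include <stdlib.h>

/* Blocks currently owned by the caller, as seen by the wrappers below. */
static long live_blocks;

typedef void *(*realloc_fn)(void *, size_t);

/* Model of the reported behaviour (hypothetical name): size 0 is not
 * special-cased, so the caller gets back a valid minimal block, the same
 * way malloc(0) may return one. */
static void *realloc_no_zero_check(void *p, size_t n) {
    void *q = realloc(p, n ? n : 1);
    if (q && !p) live_blocks++;      /* a brand-new block came into being */
    return q;                        /* on failure p is still live */
}

/* The fix proposed in the report: size 0 frees and returns NULL. */
static void *realloc_zero_frees(void *p, size_t n) {
    if (n == 0) {
        if (p) { free(p); live_blocks--; }
        return NULL;
    }
    void *q = realloc(p, n);
    if (q && !p) live_blocks++;
    return q;
}

/* How-To-Repeat: allocate, realloc to 0 bytes, ignore the return value,
 * repeat. Returns the number of blocks still live afterwards. */
static long leaked_after(realloc_fn re, int rounds) {
    live_blocks = 0;
    for (int i = 0; i < rounds; i++) {
        void *p = re(NULL, 64);
        if (!p) break;
        (void)re(p, 0);              /* caller treats this as free(p) */
    }
    return live_blocks;
}

int main(void) {
    printf("no zero check: %ld blocks leaked\n",
           leaked_after(realloc_no_zero_check, 1000));
    printf("zero frees:    %ld blocks leaked\n",
           leaked_after(realloc_zero_frees, 1000));
    return 0;
}
```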