{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《Does fprintf use malloc() under the hood?》','https://www.manongdao.com/q-1235517.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want a minimal o-damn-malloc-just-failed handler, which writes some info to a file (probably just standard error). I would prefer to use fprintf() rather than write(), but this will fail badly if fprintf() itself tries to malloc().
Is there some guarantee, either in the C standard, or even just in glibc that fprintf won't do this?
The only functions you can be reasonably sure will not call
mallocare those marked async-signal-safe by POSIX. Sincemallocis not required to be async-signal-safe (and since it's essentially impossible to make it async-signal-safe without making it unusably inefficient), async-signal-safe functions normally cannot call it.With that said, I'm nearly sure glibc's
printffunctions (includingfprintfand evensnprintf) can and will usemallocfor some (all?) format strings.No, there's no guarantee that it won't. However, most implementations I've seen tend to use a fixed size buffer for creating the formatted output string (a).
In terms of glibc (source here), there are calls to
mallocwithinstdio-common/vfprintf.c, which a lot of theprintffamily use at the lower end, so I wouldn't rely on it if I were you. Even the string-buffer output calls likesprintf, which you may think wouldn't need it, seem to resolve down to that call, after setting up some trickyFILE-like string handles - seelibio/iovsprintf.c.My advice is to then write your own code for doing the output so as to ensure no memory allocations are done under the hood (and hope, of course, that
writeitself doesn't do this (unlikelier than*printfdoing it)). Since you're probably not going to be outputting much converted stuff anyway (probably just"Dang, I done run outta memory!"), the need for formatted output should be questionable anyway.(a) The C99 environmental considerations gives an indication that (at least) some early implementations had a buffering limit. From my memory of the Turbo C stuff, I thought 4K was about the limit and indeed, C99 states (in
7.19.6.1 fprintf):(the mandate for C89 was to codify existing practice, not create a new language, and that's one reason why some of these mimimum maxima were put in the standard - they were carried forward to later iterations of the standard).
The C standard doesn't guarantee that
fprintfwon't callmallocunder the hood. Indeed, it doesn't guarantee anything about what happens when you overridemalloc. You should refer to the documentation for your specific C library, or simply write your ownfprintf-like function which makes direct syscalls, avoiding any possibility of heap allocation.