I want to allocate a 2.9GB char array with
database = (char*) malloc((2900 * 1000000 * sizeof(char)));
This gives an integer overflow warning and the malloc returns NULL. The malloc parameter is of type size_t, which according to documentation is of type unsigned int. So the max should be UINT_MAX, which is at least 2.9GB. However, if I try to allocate more than MAX_INT the malloc fails. Does this mean size_t on my system is of type int? How do I check this? I looked through /usr/include/stdlib.h and ./lib/gcc/x86_64-redhat-linux/4.1.1/include/stddef.h but can't find the definition of size_t. Thanks very much
The parameter is of type size_t and malloc is required to accept any possible value of type size_t. Note that "accept" does not mean it is required to allocate that much; all it means is that malloc is not allowed to misinterpret a very large number you give it as a small/negative number due to overflow issues, thereby returning a buffer that's too small and creating a critical undetectable vulnerability your program cannot defend against. There are many possible reasons malloc could fail to allocate very large objects:
In this case I suspect you might be seeing the third, arbitrary limits, though I would not consider them so arbitrary. There's a very good reason to disallow allocations (and the existence of any objects) larger than SIZE_MAX/2: taking the difference between pointers within such large objects will result in (extremely dangerous) integer overflow and undefined behavior when the result does not fit in the (signed) type ptrdiff_t. Thus, on a robust 32-bit system, while the virtual address space size is 4GB, the maximum size of any single object will be 2GB.

There are two issues here.
First, the overflow warning: both 2900 and 1000000 are of type int, so the result of multiplying them is also of type int. The result cannot be represented by a 32-bit signed integer, so it overflows. You need to cast one (or both) arguments to size_t to use unsigned arithmetic.
(Or, you could move the sizeof(char) to be one of the first two terms, since its type is size_t, though you can also just remove the sizeof(char) since it is always 1.)
Second, the maximum size that malloc can allocate depends both on the platform on which you are running and on the current state of the program. If there is insufficient contiguous address space left to satisfy the request, obviously the malloc will fail.
Further, the platform on which you are running may have an upper limit on how large an object it can dynamically allocate. You'll need to consult your platform's documentation to find out what that upper limit is.

size_t is certainly not int, because int is always signed and size_t is always unsigned.

The maximum size that malloc can allocate depends both on the platform on which you are running and on the current state of the program. If there is insufficient contiguous address space left to satisfy the request, the malloc will fail obviously.
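
Added example, not part of the question or any answer above: a C sketch that reports the width of size_t on the build platform and computes the request in size_t, rejecting both a wrapped product and a size above PTRDIFF_MAX (the SIZE_MAX/2 limit described in the first answer). The helper names checked_mul, size_fits_object and alloc_array are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Multiply count * elem_size in size_t; return 0 if the product would wrap. */
static int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* True if an object of this size keeps pointer differences within ptrdiff_t. */
static int size_fits_object(size_t size)
{
    return size <= (size_t)PTRDIFF_MAX;
}

/* Hypothetical helper: allocate count elements or return NULL, never a short buffer. */
static void *alloc_array(size_t count, size_t elem_size)
{
    size_t total;
    if (!checked_mul(count, elem_size, &total) || !size_fits_object(total))
        return NULL;
    return malloc(total);
}

int main(void)
{
    size_t want;

    /* Answers "how do I check this?" for the platform this is compiled on. */
    printf("sizeof(size_t) = %zu, SIZE_MAX = %zu, PTRDIFF_MAX = %td\n",
           sizeof(size_t), (size_t)SIZE_MAX, (ptrdiff_t)PTRDIFF_MAX);

    /* The cast moves the multiplication from int into size_t. */
    if (checked_mul((size_t)2900, 1000000, &want))
        printf("request = %zu bytes, within ptrdiff_t range: %s\n",
               want, size_fits_object(want) ? "yes" : "no");

    /* May still fail at run time if the address space or memory is not available. */
    char *database = alloc_array(2900, 1000000);
    printf("allocation %s\n", database ? "succeeded" : "failed");
    free(database);
    return 0;
}
```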