1MALLOC(3)                  Linux Programmer's Manual                 MALLOC(3)
2
3
4

NAME

6       malloc, free, calloc, realloc - allocate and free dynamic memory
7

SYNOPSIS

9       #include <stdlib.h>
10
11       void *malloc(size_t size);
12       void free(void *ptr);
13       void *calloc(size_t nmemb, size_t size);
14       void *realloc(void *ptr, size_t size);
15       void *reallocarray(void *ptr, size_t nmemb, size_t size);
16
17   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
18
19       reallocarray():
20           _GNU_SOURCE
21

DESCRIPTION

23       The malloc() function allocates size bytes and returns a pointer to the
24       allocated memory.  The memory is not initialized.  If size is  0,  then
25       malloc()  returns either NULL, or a unique pointer value that can later
26       be successfully passed to free().
27
28       The free() function frees the memory space pointed  to  by  ptr,  which
29       must  have  been  returned by a previous call to malloc(), calloc(), or
30       realloc().  Otherwise, or if free(ptr) has already been called  before,
31       undefined behavior occurs.  If ptr is NULL, no operation is performed.
32
33       The  calloc()  function allocates memory for an array of nmemb elements
34       of size bytes each and returns a pointer to the allocated memory.   The
35       memory  is  set  to zero.  If nmemb or size is 0, then calloc() returns
36       either NULL, or a unique pointer value that can later  be  successfully
37       passed to free().
38
39       The  realloc() function changes the size of the memory block pointed to
40       by ptr to size bytes.  The contents will be unchanged in the range from
41       the start of the region up to the minimum of the old and new sizes.  If
42       the new size is larger than the old size, the added memory will not  be
43       initialized.   If  ptr  is  NULL,  then  the call is equivalent to mal‐
44       loc(size), for all values of size; if size is equal to zero, and ptr is
45       not  NULL,  then  the  call  is equivalent to free(ptr).  Unless ptr is
46       NULL, it must have been returned by an earlier call to  malloc(),  cal‐
47       loc(),  or realloc().  If the area pointed to was moved, a free(ptr) is
48       done.
49
50       The reallocarray() function  changes  the  size  of  the  memory  block
51       pointed  to  by  ptr to be large enough for an array of nmemb elements,
52       each of which is size bytes.  It is equivalent to the call
53
54               realloc(ptr, nmemb * size);
55
56       However, unlike that realloc() call, reallocarray() fails safely in the
57       case  where  the  multiplication  would  overflow.  If such an overflow
58       occurs, reallocarray() returns NULL, sets errno to ENOMEM,  and  leaves
59       the original block of memory unchanged.
60

RETURN VALUE

62       The  malloc()  and calloc() functions return a pointer to the allocated
63       memory, which is suitably aligned for any  built-in  type.   On  error,
64       these functions return NULL.  NULL may also be returned by a successful
65       call to malloc() with a size of zero, or by a successful call  to  cal‐
66       loc() with nmemb or size equal to zero.
67
68       The free() function returns no value.
69
70       The realloc() function returns a pointer to the newly allocated memory,
71       which is suitably aligned for any built-in type and  may  be  different
72       from ptr, or NULL if the request fails.  If size was equal to 0, either
73       NULL or a pointer suitable to be passed  to  free()  is  returned.   If
74       realloc()  fails, the original block is left untouched; it is not freed
75       or moved.
76
77       On success, the reallocarray() function returns a pointer to the  newly
78       allocated  memory.   On failure, it returns NULL and the original block
79       of memory is left untouched.
80

ERRORS

82       calloc(), malloc(), realloc(), and reallocarray()  can  fail  with  the
83       following error:
84
85       ENOMEM Out  of  memory.  Possibly, the application hit the RLIMIT_AS or
86              RLIMIT_DATA limit described in getrlimit(2).
87

ATTRIBUTES

89       For  an  explanation  of  the  terms  used   in   this   section,   see
90       attributes(7).
91
92       ┌─────────────────────┬───────────────┬─────────┐
93       │Interface            │ Attribute     │ Value   │
94       ├─────────────────────┼───────────────┼─────────┤
95       │malloc(), free(),    │ Thread safety │ MT-Safe │
96       │calloc(), realloc()  │               │         │
97       └─────────────────────┴───────────────┴─────────┘

CONFORMING TO

99       malloc(), free(), calloc(), realloc(): POSIX.1-2001, POSIX.1-2008, C89,
100       C99.
101
102       reallocarray() is a nonstandard extension that first appeared in  Open‐
103       BSD 5.6 and FreeBSD 11.0.
104

NOTES

106       By  default,  Linux  follows  an optimistic memory allocation strategy.
107       This means that when malloc() returns non-NULL there  is  no  guarantee
108       that  the  memory  really  is available.  In case it turns out that the
109       system is out of memory, one or more processes will be  killed  by  the
110       OOM   killer.    For   more   information,   see   the  description  of
111       /proc/sys/vm/overcommit_memory and /proc/sys/vm/oom_adj in proc(5), and
112       the Linux kernel source file Documentation/vm/overcommit-accounting.
113
114       Normally, malloc() allocates memory from the heap, and adjusts the size
115       of the heap as required, using sbrk(2).  When allocating blocks of mem‐
116       ory larger than MMAP_THRESHOLD bytes, the glibc malloc() implementation
117       allocates the memory as a  private  anonymous  mapping  using  mmap(2).
118       MMAP_THRESHOLD  is  128 kB  by  default,  but  is adjustable using mal‐
119       lopt(3).  Prior to Linux 4.7 allocations performed using  mmap(2)  were
120       unaffected  by  the  RLIMIT_DATA  resource limit; since Linux 4.7, this
121       limit is also enforced for allocations performed using mmap(2).
122
123       To avoid corruption in multithreaded  applications,  mutexes  are  used
124       internally to protect the memory-management data structures employed by
125       these functions.  In  a  multithreaded  application  in  which  threads
126       simultaneously  allocate and free memory, there could be contention for
127       these mutexes.  To scalably handle memory allocation  in  multithreaded
128       applications,  glibc  creates  additional  memory  allocation arenas if
129       mutex contention is detected.  Each arena is a large region  of  memory
130       that  is  internally allocated by the system (using brk(2) or mmap(2)),
131       and managed with its own mutexes.
132
133       SUSv2 requires malloc(), calloc(), and realloc() to set errno to ENOMEM
134       upon  failure.  Glibc assumes that this is done (and the glibc versions
135       of these routines do this); if you use a private malloc  implementation
136       that does not set errno, then certain library routines may fail without
137       having a reason in errno.
138
139       Crashes in malloc(), calloc(), realloc(), or free() are  almost  always
140       related  to  heap corruption, such as overflowing an allocated chunk or
141       freeing the same pointer twice.
142
143       The malloc() implementation is tunable via environment  variables;  see
144       mallopt(3) for details.
145

SEE ALSO

147       valgrind(1), brk(2), mmap(2), alloca(3), malloc_get_state(3),
148       malloc_info(3), malloc_trim(3), malloc_usable_size(3), mallopt(3),
149       mcheck(3), mtrace(3), posix_memalign(3)
150

COLOPHON

152       This page is part of release 4.15 of the Linux man-pages project.  A
153       description of the project, information about reporting bugs, and the
154       latest version of this page, can be found at
155       https://www.kernel.org/doc/man-pages/.
156
157
158
159GNU                               2017-09-15                         MALLOC(3)