1MALLOC(3) Linux Programmer's Manual MALLOC(3)
2
6 malloc, free, calloc, realloc - allocate and free dynamic memory
7
9 #include <stdlib.h>
10 void *malloc(size_t size);
12 void free(void *ptr);
13 void *calloc(size_t nmemb, size_t size);
14 void *realloc(void *ptr, size_t size);
15 void *reallocarray(void *ptr, size_t nmemb, size_t size);
16 Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
18 reallocarray(): _GNU_SOURCE
20 Since glibc 2.29:
21 _DEFAULT_SOURCE
22 Glibc 2.28 and earlier:
23 _GNU_SOURCE
24
26 The malloc() function allocates size bytes and returns a pointer to the
27 allocated memory. The memory is not initialized. If size is 0, then
28 malloc() returns either NULL, or a unique pointer value that can later
29 be successfully passed to free().
30 The free() function frees the memory space pointed to by ptr, which
32 must have been returned by a previous call to malloc(), calloc(), or
33 realloc(). Otherwise, or if free(ptr) has already been called before,
34 undefined behavior occurs. If ptr is NULL, no operation is performed.
35 The calloc() function allocates memory for an array of nmemb elements
37 of size bytes each and returns a pointer to the allocated memory. The
38 memory is set to zero. If nmemb or size is 0, then calloc() returns
39 either NULL, or a unique pointer value that can later be successfully
40 passed to free(). If the multiplication of nmemb and size would result
41 in integer overflow, then calloc() returns an error. By contrast, an
42 integer overflow would not be detected in the following call to mal‐
43 loc(), with the result that an incorrectly sized block of memory would
44 be allocated:
45 malloc(nmemb * size);
47 The realloc() function changes the size of the memory block pointed to
49 by ptr to size bytes. The contents will be unchanged in the range from
50 the start of the region up to the minimum of the old and new sizes. If
51 the new size is larger than the old size, the added memory will not be
52 initialized. If ptr is NULL, then the call is equivalent to mal‐
53 loc(size), for all values of size; if size is equal to zero, and ptr is
54 not NULL, then the call is equivalent to free(ptr). Unless ptr is
55 NULL, it must have been returned by an earlier call to malloc(), cal‐
56 loc(), or realloc(). If the area pointed to was moved, a free(ptr) is
57 done.
58 The reallocarray() function changes the size of the memory block
60 pointed to by ptr to be large enough for an array of nmemb elements,
61 each of which is size bytes. It is equivalent to the call
62 realloc(ptr, nmemb * size);
64 However, unlike that realloc() call, reallocarray() fails safely in the
66 case where the multiplication would overflow. If such an overflow
67 occurs, reallocarray() returns NULL, sets errno to ENOMEM, and leaves
68 the original block of memory unchanged.
69
71 The malloc() and calloc() functions return a pointer to the allocated
72 memory, which is suitably aligned for any built-in type. On error,
73 these functions return NULL. NULL may also be returned by a successful
74 call to malloc() with a size of zero, or by a successful call to cal‐
75 loc() with nmemb or size equal to zero.
76 The free() function returns no value.
78 The realloc() function returns a pointer to the newly allocated memory,
80 which is suitably aligned for any built-in type and may be different
81 from ptr, or NULL if the request fails. If size was equal to 0, either
82 NULL or a pointer suitable to be passed to free() is returned. If
83 realloc() fails, the original block is left untouched; it is not freed
84 or moved.
85 On success, the reallocarray() function returns a pointer to the newly
87 allocated memory. On failure, it returns NULL and the original block
88 of memory is left untouched.
89
91 calloc(), malloc(), realloc(), and reallocarray() can fail with the
92 following error:
93 ENOMEM Out of memory. Possibly, the application hit the RLIMIT_AS or
95 RLIMIT_DATA limit described in getrlimit(2).
96
98 For an explanation of the terms used in this section, see
99 attributes(7).
100 ┌─────────────────────┬───────────────┬─────────┐
102 │Interface │ Attribute │ Value │
103 ├─────────────────────┼───────────────┼─────────┤
104 │malloc(), free(), │ Thread safety │ MT-Safe │
105 │calloc(), realloc() │ │ │
106 └─────────────────────┴───────────────┴─────────┘
108 malloc(), free(), calloc(), realloc(): POSIX.1-2001, POSIX.1-2008, C89,
109 C99.
110 reallocarray() is a nonstandard extension that first appeared in Open‐
112 BSD 5.6 and FreeBSD 11.0.
113
115 By default, Linux follows an optimistic memory allocation strategy.
116 This means that when malloc() returns non-NULL there is no guarantee
117 that the memory really is available. In case it turns out that the
118 system is out of memory, one or more processes will be killed by the
119 OOM killer. For more information, see the description of
120 /proc/sys/vm/overcommit_memory and /proc/sys/vm/oom_adj in proc(5), and
121 the Linux kernel source file Documentation/vm/overcommit-account‐
122 ing.rst.
123 Normally, malloc() allocates memory from the heap, and adjusts the size
125 of the heap as required, using sbrk(2). When allocating blocks of mem‐
126 ory larger than MMAP_THRESHOLD bytes, the glibc malloc() implementation
127 allocates the memory as a private anonymous mapping using mmap(2).
128 MMAP_THRESHOLD is 128 kB by default, but is adjustable using mal‐
129 lopt(3). Prior to Linux 4.7 allocations performed using mmap(2) were
130 unaffected by the RLIMIT_DATA resource limit; since Linux 4.7, this
131 limit is also enforced for allocations performed using mmap(2).
132 To avoid corruption in multithreaded applications, mutexes are used
134 internally to protect the memory-management data structures employed by
135 these functions. In a multithreaded application in which threads
136 simultaneously allocate and free memory, there could be contention for
137 these mutexes. To scalably handle memory allocation in multithreaded
138 applications, glibc creates additional memory allocation arenas if
139 mutex contention is detected. Each arena is a large region of memory
140 that is internally allocated by the system (using brk(2) or mmap(2)),
141 and managed with its own mutexes.
142 SUSv2 requires malloc(), calloc(), and realloc() to set errno to ENOMEM
144 upon failure. Glibc assumes that this is done (and the glibc versions
145 of these routines do this); if you use a private malloc implementation
146 that does not set errno, then certain library routines may fail without
147 having a reason in errno.
148 Crashes in malloc(), calloc(), realloc(), or free() are almost always
150 related to heap corruption, such as overflowing an allocated chunk or
151 freeing the same pointer twice.
152 The malloc() implementation is tunable via environment variables; see
154 mallopt(3) for details.
155
157 valgrind(1), brk(2), mmap(2), alloca(3), malloc_get_state(3),
158 malloc_info(3), malloc_trim(3), malloc_usable_size(3), mallopt(3),
159 mcheck(3), mtrace(3), posix_memalign(3)
160 For details of the GNU C library implementation, see
162 ⟨https://sourceware.org/glibc/wiki/MallocInternals⟩.
163
165 This page is part of release 5.04 of the Linux man-pages project. A
166 description of the project, information about reporting bugs, and the
167 latest version of this page, can be found at
168 https://www.kernel.org/doc/man-pages/.
169GNU 2019-03-06 MALLOC(3)