Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Jul 2011 09:27:04 -0400
From: Rich Felker <>
Subject: Re: holywar: malloc() vs. OOM

On Sun, Jul 24, 2011 at 03:29:14PM +0200, Szabolcs Nagy wrote:
> > > Probably I overestimate the importance of OOM errors, and (1) in
> > > particular.   However, I think it is worth discussing.
> > 
> > I don't think you overestimate the importance of OOM errors. Actually
> > Linux desktop is full of OOM errors that ruin usability, like file
> > managers that hang the system for 5 minutes then crash if you navigate
> > to a directory with a 15000x15000 image file. Unfortunately I don't
> > think it's possible to fix at the libc level, and fixing the worst
> > issues (DoS from apps crashing when they should not crash) usually
> > involves both sanity-checking the size prior to calling malloc *and*
> > checking the return value of malloc...
> what about providing an alternative libc or libcwrapper api

I think this is definitely possible, probably just via
-I/path/to/alt/stdlib/h and some inline code and macros in the
stdlib.h there, along with #include_next <stdlib.h>, and it probably
doesn't really need cooperation with libc (i.e. if it's written
cleanly enough it would probably work with most libcs.

> it could "fix" deprecated/dangerous calls
> (maybe turn them into compiletime errors)
> and things like oom failures into runtime errors
> so bad code can be compiled against this radical extremist libc

The only problem I see is that it only catches "known bad" code. As an
admin I would be inclined to simply look for another program that
performs the function I need, rather than trying to compile in
workarounds, if I knew a program had code that bad..


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.