Date: Sun, 24 Jul 2011 09:27:04 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: holywar: malloc() vs. OOM On Sun, Jul 24, 2011 at 03:29:14PM +0200, Szabolcs Nagy wrote: > > > Probably I overestimate the importance of OOM errors, and (1) in > > > particular. However, I think it is worth discussing. > > > > I don't think you overestimate the importance of OOM errors. Actually > > Linux desktop is full of OOM errors that ruin usability, like file > > managers that hang the system for 5 minutes then crash if you navigate > > to a directory with a 15000x15000 image file. Unfortunately I don't > > think it's possible to fix at the libc level, and fixing the worst > > issues (DoS from apps crashing when they should not crash) usually > > involves both sanity-checking the size prior to calling malloc *and* > > checking the return value of malloc... > > what about providing an alternative libc or libcwrapper api I think this is definitely possible, probably just via -I/path/to/alt/stdlib/h and some inline code and macros in the stdlib.h there, along with #include_next <stdlib.h>, and it probably doesn't really need cooperation with libc (i.e. if it's written cleanly enough it would probably work with most libcs. > it could "fix" deprecated/dangerous calls > (maybe turn them into compiletime errors) > and things like oom failures into runtime errors > > so bad code can be compiled against this radical extremist libc The only problem I see is that it only catches "known bad" code. As an admin I would be inclined to simply look for another program that performs the function I need, rather than trying to compile in workarounds, if I knew a program had code that bad.. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.