Date: Sun, 24 Jul 2011 15:29:14 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: holywar: malloc() vs. OOM

* Rich Felker <dalias@...ifal.cx> [2011-07-24 08:40:34 -0400]:
> On Sun, Jul 24, 2011 at 02:33:25PM +0400, Vasiliy Kulikov wrote:
> > But looking at the problem from the pragmatic point of view we'll see
> > that libc is actually the easiest place where the problem may be
> > workarounded (not fixed, surely). The workaround would be simply
> > raising SIGKILL if malloc() fails (either because of brk() or mmap()).
> > For the rare programs craving to handle OOM such code should be used:
>
> This is absolutely wrong and non-conformant. It will also ruin all

> A better solution might be to have a gcc option to generate a read
> from the base address the first time a function performs arithmetic on
> a pointer it has not already checked. This is valid because the C

sounds reasonable

> > Probably I overestimate the importance of OOM errors, and (1) in
> > particular. However, I think it is worth discussing.
>
> I don't think you overestimate the importance of OOM errors. Actually
> Linux desktop is full of OOM errors that ruin usability, like file
> managers that hang the system for 5 minutes then crash if you navigate
> to a directory with a 15000x15000 image file. Unfortunately I don't
> think it's possible to fix at the libc level, and fixing the worst
> issues (DoS from apps crashing when they should not crash) usually
> involves both sanity-checking the size prior to calling malloc *and*
> checking the return value of malloc...

what about providing an alternative libc or libcwrapper api

it could "fix" deprecated/dangerous calls (maybe turn them into
compiletime errors) and things like oom failures into runtime
errors

so bad code can be compiled against this radical extremist libc

i guess for now running code under valgrind can catch most of
these issues..
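
The application-level fix mentioned in the quoted text (sanity-check the size before calling malloc *and* check malloc's return value), as an added example that is not part of the original message or of musl. The names `img_buffer_size`, `img_alloc` and the `IMG_MAX_BYTES` cap are hypothetical, and the 256 MiB limit is an assumed policy value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-image cap (assumed policy value, not from the thread). */
#define IMG_MAX_BYTES ((size_t)256 * 1024 * 1024)

enum img_status { IMG_OK = 0, IMG_BAD_DIMS, IMG_TOO_LARGE, IMG_NO_MEM };

/* Compute w*h*bpp without wrapping and enforce the cap before any allocation. */
enum img_status img_buffer_size(size_t w, size_t h, size_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return IMG_BAD_DIMS;
    if (w > SIZE_MAX / h)                 /* w*h would wrap around */
        return IMG_TOO_LARGE;
    size_t pixels = w * h;
    if (pixels > IMG_MAX_BYTES / bpp)     /* implies pixels*bpp <= IMG_MAX_BYTES */
        return IMG_TOO_LARGE;
    *out = pixels * bpp;
    return IMG_OK;
}

/* Allocate the pixel buffer; on any failure *buf is NULL and a status is returned. */
enum img_status img_alloc(size_t w, size_t h, size_t bpp, unsigned char **buf)
{
    size_t n;
    enum img_status st = img_buffer_size(w, h, bpp, &n);
    *buf = NULL;
    if (st != IMG_OK)
        return st;                        /* rejected without touching malloc */
    *buf = malloc(n);
    if (*buf == NULL)                     /* the size check does not replace this */
        return IMG_NO_MEM;
    return IMG_OK;
}

int main(void)
{
    unsigned char *buf;
    /* Constructed inputs: the 15000x15000 case from the thread at 4 bytes/pixel,
       then an ordinary 640x480 image. */
    printf("15000x15000 -> status %d\n", img_alloc(15000, 15000, 4, &buf));
    printf("640x480     -> status %d\n", img_alloc(640, 480, 4, &buf));
    free(buf);
    return 0;
}
```

The caller gets a status it can report ("image too large") instead of a multi-minute stall or a crash, which is the DoS case the quoted text describes.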