Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Jul 2011 15:29:14 +0200
From: Szabolcs Nagy <>
Subject: Re: holywar: malloc() vs. OOM

* Rich Felker <> [2011-07-24 08:40:34 -0400]:
> On Sun, Jul 24, 2011 at 02:33:25PM +0400, Vasiliy Kulikov wrote:
> > But looking at the problem from the pragmatic point of view we'll see
> > that libc is actually the easiest place where the problem may be 
> > workarounded (not fixed, surely).  The workaround would be simply
> > raising SIGKILL if malloc() fails (either because of brk() or mmap()).
> > For the rare programs craving to handle OOM such code should be used:
> This is absolutely wrong and non-conformant. It will also ruin all

> A better solution might be to have a gcc option to generate a read
> from the base address the first time a function performs arithmetic on
> a pointer it has not already checked. This is valid because the C

sounds reasonable

> > Probably I overestimate the importance of OOM errors, and (1) in
> > particular.   However, I think it is worth discussing.
> I don't think you overestimate the importance of OOM errors. Actually
> Linux desktop is full of OOM errors that ruin usability, like file
> managers that hang the system for 5 minutes then crash if you navigate
> to a directory with a 15000x15000 image file. Unfortunately I don't
> think it's possible to fix at the libc level, and fixing the worst
> issues (DoS from apps crashing when they should not crash) usually
> involves both sanity-checking the size prior to calling malloc *and*
> checking the return value of malloc...

what about providing an alternative libc or libcwrapper api

it could "fix" deprecated/dangerous calls
(maybe turn them into compiletime errors)
and things like oom failures into runtime errors

so bad code can be compiled against this radical extremist libc

i guess for now running code under valgrind can catch most
of these issues..

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.