[strongSwan-dev] malloc check policy

Emeric POUPON emeric.poupon at stormshield.eu
Mon Mar 21 14:23:37 CET 2016


Hi Tobias,

Aren't you afraid of potential side effects of using this approach?

You may get a NULL pointer and perform some operations with it, like pointer arithmetic, without crashing.
Furthermore, you could possibly have security issues before eventually crashing.

The question is: since you have done the job to get proper malloc hooks with the leak detective, why not just abort on failure?

Emeric

----- Original message -----
From: "Tobias Brunner" <tobias at strongswan.org>
To: "Emeric POUPON" <emeric.poupon at stormshield.eu>, dev at lists.strongswan.org
Sent: Monday, 21 March 2016 12:24:20
Subject: Re: [strongSwan-dev] malloc check policy

Hi Emeric,

> I noticed that a lot of malloc calls are not checked in the code (may return NULL).

Yes, generally we don't check the return value.

> What is your policy on this behavior?

If malloc() fails you have a serious problem anyway.  Handling this
gracefully is often not really possible so we don't even attempt it.

Regards,
Tobias


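The two points raised in this thread, the abort-on-failure wrapper Emeric asks about and the hazard that a pointer derived from an unchecked NULL result passes later NULL checks, as an added C example. This is not strongSwan code: the `backend` and `on_oom` hooks, the `struct message` layout and the helper names are assumptions for illustration only and do not model the leak detective's real hooks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation and out-of-memory hooks. Assumed names for this example;
 * strongSwan's leak detective hooks are not modelled here. */
typedef void *(*alloc_fn)(size_t);
typedef void (*oom_fn)(size_t);

static void default_oom(size_t size)
{
    /* Abort-on-failure policy: fail loudly at the allocation site instead
     * of letting a NULL propagate into code that never checks for it. */
    fprintf(stderr, "allocation of %zu bytes failed, aborting\n", size);
    abort();
}

static alloc_fn backend = malloc;
static oom_fn on_oom = default_oom;

/* Allocate, or hand the failure to the out-of-memory handler (abort by default). */
void *checked_malloc(size_t size)
{
    void *p = backend(size);
    if (p == NULL)
    {
        on_oom(size);   /* the default handler never returns */
    }
    return p;
}

/* Test doubles: a backend that always fails and a handler that only counts. */
static void *failing_alloc(size_t size) { (void)size; return NULL; }
static int oom_calls;
static void counting_oom(size_t size) { (void)size; oom_calls++; }

/* Run one allocation against the failing backend with the counting handler
 * installed; returns how many times the handler fired (expected: 1). */
int simulate_failed_allocation(void)
{
    alloc_fn saved_backend = backend;
    oom_fn saved_handler = on_oom;
    backend = failing_alloc;
    on_oom = counting_oom;
    oom_calls = 0;
    void *p = checked_malloc(128);
    backend = saved_backend;
    on_oom = saved_handler;
    return (p == NULL) ? oom_calls : -1;
}

/* The hazard from the thread: a pointer built from a NULL base plus an
 * offset (here the offset of a struct field) is no longer NULL, so an
 * "if (!p)" check done later does not catch the failed allocation.
 * The arithmetic is done on uintptr_t so the demonstration stays defined. */
struct message
{
    char header[64];
    char body[4096];
};

int derived_pointer_passes_null_check(void)
{
    uintptr_t base = (uintptr_t)(void *)NULL;   /* what an unchecked malloc returned */
    void *body = (void *)(base + offsetof(struct message, body));
    return body != NULL;   /* 1: the NULL check after arithmetic is useless */
}

int main(void)
{
    printf("handler fired %d time(s) on a failed allocation\n",
           simulate_failed_allocation());
    printf("pointer derived from NULL passes a NULL check: %d\n",
           derived_pointer_passes_null_check());
    /* With the default handler a real failure aborts here rather than
     * returning NULL to a caller that would not check it. */
    char *buf = checked_malloc(32);
    strcpy(buf, "ok");
    puts(buf);
    free(buf);
    return 0;
}
```

The handler indirection exists only so the failure path can be exercised without killing the process; in production the default handler aborts, which is the policy the question proposes.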