First, so that we have some numbers, libmswordlo.so debug build, but compiled
with -O2 -g0 :
4627576 - without any extra checks in OUString
4625248 - with abort()
4642216 - with std::bad_alloc
Yes, adding abort() there somehow makes it a tiny bit smaller, search me why.
For std::bad_alloc it is 0,3% more, which may not seem much, but on the other
hand it's just one tiny change in a library that actually does something, so
it's not that little either.
But I guess it's not enough for me to insist on the change.
On Wednesday 29 of February 2012, Stephan Bergmann wrote:
However, there are also situations where bad input (malicious or
otherwise) would cause an application to request excessive amounts of
memory to do a single task (e.g., open a document), and at least in
theory the application should be able to cope with such
externally-induced OOM conditions, by abandoning the bad operation,
cleaning up after it, telling the user the operation failed, and
carrying on.
The problem with this theory is that it is a theory. In practice the code
should check the size first, and if it doesn't, then it presumably will not
clean up properly anyway.
The other problem is that OUString ctors is just one random place. The
OUStringBuffer ctor, which is probably a more likely place to first hit the
problem if the input handling itself is sloppy and lets the problem get past,
does not bother with any such checks. So what we have now is a half-solution
that is not likely to work anyway. Either we want this done properly, in
which case input should be validated. Or we want it with less work but still
reasonably safe, in which case all the C rtl_ustr_* functions should detect
this and abort. Either case does not really need it in OUString ctors.
--
Lubos Lunak
l.lunak@suse.cz
Context
- Re: String literals, ASCII vs UTF-8 (continued)
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.