Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index



 First, so that we have some numbers, libmswordlo.so debug build, but compiled 
with -O2 -g0 :

 4627576 - without any extra checks in OUString
 4625248 - with abort()
 4642216 - with std::bad_alloc

 Yes, adding abort() there somehow makes it a tiny bit smaller, search me why. 
For std::bad_alloc it is 0,3% more, which may not seem much, but on the other 
hand it's just one tiny change in a library that actually does something, so 
it's not that little either.

 But I guess it's not enough for me to insist on the change.

On Wednesday 29 of February 2012, Stephan Bergmann wrote:
However, there are also situations where bad input (malicious or
otherwise) would cause an application to request excessive amounts of
memory to do a single task (e.g., open a document), and at least in
theory the application should be able to cope with such
externally-induced OOM conditions, by abandoning the bad operation,
cleaning up after it, telling the user the operation failed, and
carrying on.

 The problem with this theory is that it is a theory. In practice the code 
should check the size first, and if it doesn't, then it presumably will not 
clean up properly anyway.

 The other problem is that OUString ctors is just one random place. The 
OUStringBuffer ctor, which is probably a more likely place to first hit the 
problem if the input handling itself is sloppy and lets the problem get past, 
does not bother with any such checks. So what we have now is a half-solution 
that is not likely to work anyway. Either we want this done properly, in 
which case input should be validated. Or we want it with less work but still 
reasonably safe, in which case all the C rtl_ustr_* functions should detect 
this and abort. Either case does not really need it in OUString ctors.

-- 
 Lubos Lunak
 l.lunak@suse.cz

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.