[MPlayer-dev-eng] [RFC] libnut demuxer API

Uoti A Urpala urpala at cc.helsinki.fi
Thu Sep 8 17:16:09 CEST 2005


> On Thu, Sep 08, 2005 at 05:33:02PM +0300, Oded Shimon wrote:
> > after the malloc, and program will crash for trying to write to NULL. A 
> > crash is just about as good as a silly error message "out of memory", as 
> > that never happens anyway (if it does, you got bigger problems to worry 
> > about :).

Michael Niedermayer wrote:
> well, no i disagree
> * a lib should not die if it runs out of memory, as it might be due to buggy
> parameters / buggy input stream which cause it, for example an input file with
> 1<<31 streams or so, it's nonsense but should not lead to a crash of the app
> just imagine a video editor which has unsaved stuff

Doing this properly requires sanity checking the values beforehand;
just checking the return value from malloc afterwards isn't enough. An
excessively large allocation will likely lead to the application dying
later even if malloc doesn't return NULL immediately. Personally I'd
use a malloc wrapper that prints an error and exits instead of
returning NULL (if sane malloc sizes start failing you're dead anyway)
and add sanity checks before places where bad input parameters could
cause excessively large mallocs.

> * if the first write happens to NULL+x where x can be controlled by an input
> stream then you have a problem
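
The approach proposed in this message (a sanity check on the input-derived count before allocating, plus a malloc wrapper that exits instead of returning NULL), as an added example that is not part of the original post and not libnut code. The names `stream_ctx`, `alloc_streams`, `xmalloc` and the `MAX_STREAMS` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-stream state; not libnut's real structure. */
typedef struct { uint32_t id; uint64_t last_pts; } stream_ctx;

/* Assumed policy cap chosen for this example, not a value from the NUT spec. */
#define MAX_STREAMS 256u

/* malloc wrapper as described above: report and exit, never return NULL. */
static void *xmalloc(size_t size)
{
    void *p = malloc(size ? size : 1);
    if (!p) {
        fprintf(stderr, "out of memory (%zu bytes)\n", size);
        exit(EXIT_FAILURE);
    }
    return p;
}

/* Validate a count read from the input; 0 on success, -1 if rejected. */
static int alloc_streams(uint64_t count, stream_ctx **out)
{
    *out = NULL;
    if (count == 0 || count > MAX_STREAMS)
        return -1;                 /* e.g. 1<<31 streams: refuse before malloc */
    if (count > SIZE_MAX / sizeof(stream_ctx))
        return -1;                 /* count * size would overflow size_t */
    stream_ctx *s = xmalloc((size_t)count * sizeof(*s));
    for (size_t i = 0; i < (size_t)count; i++) {
        s[i].id = (uint32_t)i;
        s[i].last_pts = 0;
    }
    *out = s;
    return 0;
}

int main(void)
{
    stream_ctx *s;
    uint64_t counts[] = { 2, 0, UINT64_C(1) << 31 };   /* constructed inputs */
    for (size_t i = 0; i < 3; i++) {
        int rc = alloc_streams(counts[i], &s);
        printf("count=%llu rc=%d\n", (unsigned long long)counts[i], rc);
        free(s);
    }
    return 0;
}
```

With the range check in front, a rejected count is an ordinary error return to the caller, and `xmalloc` only exits when an allocation of a sane size fails.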



