[MPlayer-dev-eng] [RFC] libnut demuxer API

Rich Felker dalias at aerifal.cx
Thu Sep 8 18:37:44 CEST 2005


On Thu, Sep 08, 2005 at 06:16:09PM +0300, Uoti A Urpala wrote:
> > On Thu, Sep 08, 2005 at 05:33:02PM +0300, Oded Shimon wrote:
> > > after the malloc, and program will crash for trying to write to NULL. A 
> > > crash is just about as good as a silly error message "out of memory", as 
> > > that never happens anyway (if it does, you got bigger problems to worry 
> > > about :).
> 
> Michael Niedermayer wrote:
> > well, no I disagree
> > * a lib should not die if it runs out of memory, as it might be due to buggy
> > parameters / buggy input stream which cause it, for example an input file with
> > 1<<31 streams or so, it's nonsense but should not lead to a crash of the app
> > just imagine a video editor which has unsaved stuff
> 
> Doing this properly requires sanity checking the values beforehand,
> just checking the return value from malloc afterwards isn't enough. An
> excessively large allocation will likely lead to the application dying
> later even if malloc doesn't return NULL immediately. Personally I'd
> use a malloc wrapper that prints an error and exits instead of
> returning NULL (if sane malloc sizes start failing you're dead anyway)
> and add sanity checks before places where bad input parameters could
> cause excessively large mallocs.

This is exactly why it's unacceptable to call malloc or any libc
function that affects the calling program's state. It's trivial to
make these use callbacks instead, and they should!!

Rich
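
Added example, not part of the thread and not libnut's code: a C sketch that combines the three points raised above (bound the untrusted stream count before allocating, allocate through caller-supplied callbacks, return an error instead of crashing). All names (`demux_alloc_cb`, `demux_alloc_streams`, `MAX_STREAMS`, the host allocator) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not libnut's API. */
typedef struct {
    void *(*alloc)(void *opaque, size_t size); /* caller-supplied allocator */
    void  (*release)(void *opaque, void *ptr);
    void  *opaque;
} demux_alloc_cb;

typedef struct { uint32_t id; uint32_t timebase; } stream_info;

enum { DEMUX_OK = 0, DEMUX_ERR_INVALID = -1, DEMUX_ERR_NOMEM = -2 };

#define MAX_STREAMS 256u  /* assumed sanity limit, chosen for the example */

/* Allocate the stream table for a count read from untrusted input. */
int demux_alloc_streams(const demux_alloc_cb *cb, uint64_t count,
                        stream_info **out)
{
    *out = NULL;
    /* Reject absurd counts (e.g. 1<<31) before any allocation is attempted. */
    if (count == 0 || count > MAX_STREAMS)
        return DEMUX_ERR_INVALID;
    /* count <= MAX_STREAMS, so the multiplication cannot overflow size_t. */
    stream_info *s = cb->alloc(cb->opaque, (size_t)count * sizeof *s);
    if (!s)
        return DEMUX_ERR_NOMEM;   /* report to the host, do not crash it */
    for (size_t i = 0; i < (size_t)count; i++)
        s[i] = (stream_info){ .id = (uint32_t)i, .timebase = 0 };
    *out = s;
    return DEMUX_OK;
}

/* Sample callbacks: a byte-budgeted allocator a host application might supply. */
typedef struct { size_t budget; } host_state;

static void *host_alloc(void *opaque, size_t size)
{
    host_state *h = opaque;
    if (size > h->budget)
        return NULL;              /* host policy decides, not the library */
    h->budget -= size;
    return malloc(size);
}

static void host_release(void *opaque, void *ptr)
{
    (void)opaque;
    free(ptr);
}
```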



