[mapserver-dev] Ticket 3559 - malloc/calloc/realloc return values should always be checked

Stephen Woodbridge woodbri at swoodbridge.com
Thu Oct 7 10:43:23 EDT 2010

On 10/7/2010 9:35 AM, Frank Warmerdam wrote:
> Alan Boudreault wrote:
>> Devs,
>> I'm about to begin this task and would like to see if you agree with
>> what I plan to do.
>> Basicaly, the task is to pass through the code source and verify that
>> all memory allocation calls are checked. This implies, if the function
>> that contains the memory allocation wasn't already returning any error
>> value to its caller, to add checks in the callers and do the
>> appropriate action.
> Alan,
> I'd just like to go on the record and not feeling that it is important
> to check all memory allocation return values. If we get to the point
> where small allocations are failing it is unlikely that we will be able
> to recover in a meaningful way, and the error checking code may bulk stuff
> up in unhelpful ways. I say, let things segfault - it's as clean an exit
> as some others.
> Keep in mind our ability to actually *test* the new error cases is minimal.
> Just my two cents worth...
> Best regards,

I generally concur with this but would suggest a slightly more active 

1. check the allocation and if it fails
2. write and error to STDERR (ideally with the function name and line 
line number and then exit
3. unless there is a good change that the caller will check the failure 
AND be able to recover

The rationale for this is that the segv might happen in some place 
totally unrelated to the allocation failure and it is easier to debug if 
we die closer to the failure. I don't think this would bulk things up to 
much. Maybe the test and error can be done in a #define like

#define CHECK_ALLOC(a) if (!(a)) { fprintf(stderr, "%s: %d: Memory 
allocation failed! exiting at %s!\n", __FILE__, __LINE__); exit(1); }

-Steve W

More information about the mapserver-dev mailing list