[mapserver-dev] Ticket 3559 - malloc/calloc/realloc return values should always be checked
woodbri at swoodbridge.com
Thu Oct 7 10:47:29 EDT 2010
On 10/7/2010 10:42 AM, Frank Warmerdam wrote:
> Frank Warmerdam wrote:
>> Alan Boudreault wrote:
>>> I'm about to begin this task and would like to see if you agree with
>>> what I plan to do.
>>> Basically, the task is to pass through the code source and verify that
>>> all memory allocation calls are checked. This implies, if the
>>> function that contains the memory allocation wasn't already returning
>>> any error value to its caller, to add checks in the callers and do
>>> the appropriate action.
>> I'd just like to go on the record as not feeling that it is important
>> to check all memory allocation return values. If we get to the point
>> where small allocations are failing it is unlikely that we will be able
>> to recover in a meaningful way, and the error checking code may bulk
>> up in unhelpful ways. I say, let things segfault - it's as clean an exit
>> as some others.
>> Keep in mind our ability to actually *test* the new error cases is
>> Just my two cents worth...
> Alan, others,
> After a bit of discussion in IRC, I proposed an approach similar to
> GDAL's. In GDAL we use the functions CPLMalloc, CPLCalloc and CPLStrdup
> for small allocations. If they fail, they just immediately issue a
> fatal error and exit(). This streamlines code greatly as it can be
> assumed that small allocations succeed while still offering an informative
> error message in the case of failure.
> I would like to propose an msSmallAlloc() function that behaves in a
> fashion, just writing an error to stderr in case of failure and calling
> exit(). Likewise, an msStrdup() with similar behavior.
> Of course, in the case of larger allocations we should still use malloc()
> and attempt to recover gracefully if it fails.
> Best regards,
OK, seems like this is similar to my suggestion, I'm good with this.
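
The split proposed in the quoted message, as an added example that is not part of the original post and is not MapServer or GDAL code: small allocations abort with a message on stderr, while a large request-sized allocation returns an error the caller can handle. The thread only names msSmallAlloc() and msStrdup(); their signatures, the overflow checks, and the allocRasterBuffer() helper are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Small allocation: failure is fatal, so callers never see NULL.
 * Assumed signature; the thread gives only the function name. */
void *msSmallAlloc(size_t nmemb, size_t size)
{
    void *p;
    /* Reject nmemb * size overflow rather than return a short buffer. */
    if (size != 0 && nmemb > SIZE_MAX / size) {
        fprintf(stderr, "msSmallAlloc(): %zu * %zu overflows\n", nmemb, size);
        exit(EXIT_FAILURE);
    }
    p = malloc(nmemb * size ? nmemb * size : 1); /* never request 0 bytes */
    if (p == NULL) {
        fprintf(stderr, "msSmallAlloc(): out of memory (%zu bytes)\n", nmemb * size);
        exit(EXIT_FAILURE);
    }
    return p;
}

/* String copy built on the fatal allocator (assumed signature). */
char *msStrdup(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = msSmallAlloc(len, 1);
    memcpy(copy, s, len);
    return copy;
}

/* Large allocation (hypothetical helper): the size comes from request
 * input, so failure is reported and the caller recovers. */
int allocRasterBuffer(size_t width, size_t height, size_t bands, unsigned char **out)
{
    *out = NULL;
    if (width == 0 || height == 0 || bands == 0) return -1;
    if (height > SIZE_MAX / width) return -1;           /* width*height overflow */
    if (bands > SIZE_MAX / (width * height)) return -1; /* *bands overflow */
    *out = calloc(width * height, bands);
    return *out ? 0 : -1;
}

int main(void)
{
    unsigned char *buf;
    char *name = msStrdup("layer1"); /* constructed sample value */
    int rc = allocRasterBuffer(256, 256, 4, &buf);
    if (rc != 0) fprintf(stderr, "raster buffer allocation failed\n");
    else printf("%s: buffer ready\n", name);
    free(buf);
    free(name);
    return rc == 0 ? 0 : 1;
}
```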