[mapserver-dev] Ticket 3559 - malloc/calloc/realloc return values should always be checked

[Stephen Woodbridge]

On 10/7/2010 10:42 AM, Frank Warmerdam wrote:
> Frank Warmerdam wrote:
>> Alan Boudreault wrote:
>>> Devs,
>>>
>>> I'm about to begin this task and would like to see if you agree with
>>> what I plan to do.
>>>
>>> Basicaly, the task is to pass through the code source and verify that
>>> all memory allocation calls are checked. This implies, if the
>>> function that contains the memory allocation wasn't already returning
>>> any error value to its caller, to add checks in the callers and do
>>> the appropriate action.
>>
>> Alan,
>>
>> I'd just like to go on the record and not feeling that it is important
>> to check all memory allocation return values. If we get to the point
>> where small allocations are failing it is unlikely that we will be able
>> to recover in a meaningful way, and the error checking code may bulk
>> stuff
>> up in unhelpful ways. I say, let things segfault - it's as clean an exit
>> as some others.
>>
>> Keep in mind our ability to actually *test* the new error cases is
>> minimal.
>>
>> Just my two cents worth...
>
> Alan, others,
>
> After a bit of discussion in IRC, I proposed an approach similar to
> GDAL's. In GDAL we use the functions CPLMalloc, CPLCalloc and CPLStrdup
> for small allocations. If they fail, they just immediately issue a
> fatal error and exit(). This streamlines code greatly as it can be
> assumed that small allocations succeed while still offering an informative
> error message in the case of failure.
>
> I would like to propose an msSmallAlloc() function that behaves in a
> similar
> fashion, just writing an error to stderr in case of failure and calling
> exit(). Likewise, an msStrdup() with similar behavior.
>
> Of course, in the case of larger allocations we should still use malloc()
> and attempt to recover gracefully if it fails.
>
> Best regards,

OK, Seems like this is similar to my suggestion, I'm good with this.

-Steve W