[mapserver-dev] Ticket 3559 - malloc/calloc/realloc return values should always be checked

Lime, Steve D (DNR) Steve.Lime at state.mn.us
Fri Oct 8 08:23:50 EDT 2010

I like Frank's ideas... +1.
From: mapserver-dev-bounces at lists.osgeo.org [mapserver-dev-bounces at lists.osgeo.org] On Behalf Of Frank Warmerdam [warmerdam at pobox.com]
Sent: Thursday, October 07, 2010 9:42 AM
To: Alan Boudreault
Cc: mapserver-dev at lists.osgeo.org
Subject: Re: [mapserver-dev] Ticket 3559 - malloc/calloc/realloc return values should always be checked

Frank Warmerdam wrote:
> Alan Boudreault wrote:
>> Devs,
>> I'm about to begin this task and would like to see if you agree with
>> what I plan to do.
>> Basically, the task is to pass through the code source and verify that
>> all memory allocation calls are checked. This implies, if the function
>> that contains the memory allocation wasn't already returning any error
>> value to its caller, to add checks in the callers and do the
>> appropriate action.
> Alan,
> I'd just like to go on the record as not feeling that it is important
> to check all memory allocation return values.  If we get to the point
> where small allocations are failing it is unlikely that we will be able
> to recover in a meaningful way, and the error checking code may bulk stuff
> up in unhelpful ways.  I say, let things segfault - it's as clean an exit
> as some others.
> Keep in mind our ability to actually *test* the new error cases is minimal.
> Just my two cents worth...

Alan, others,

After a bit of discussion in IRC, I proposed an approach similar to
GDAL's.  In GDAL we use the functions CPLMalloc, CPLCalloc and CPLStrdup
for small allocations.  If they fail, they just immediately issue a
fatal error and exit().   This streamlines code greatly as it can be
assumed that small allocations succeed while still offering an informative
error message in the case of failure.

I would like to propose an msSmallAlloc() function that behaves in a similar
fashion, just writing an error to stderr in case of failure and calling
exit().  Likewise, an msStrdup() with similar behavior.

Of course, in the case of larger allocations we should still use malloc()
and attempt to recover gracefully if it fails.

Best regards,
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Programmer for Rent
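As an added sketch (not MapServer's own code) of the two policies Frank describes: small allocations go through wrappers that report to stderr and exit() on failure, so callers need no NULL checks, while a large allocation returns a status the caller can recover from. The names msSmallCalloc, msAllocFailure and msAllocImageBuffer and the MS_SUCCESS/MS_FAILURE constants are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MS_SUCCESS 0   /* assumed status values for the large-allocation path */
#define MS_FAILURE 1

/* Small-allocation failure: informative message, then exit, as with
 * GDAL's CPLMalloc. No attempt at recovery. */
static void msAllocFailure(const char *func, size_t nbytes)
{
    fprintf(stderr, "%s: out of memory allocating %zu bytes\n", func, nbytes);
    exit(EXIT_FAILURE);
}

void *msSmallAlloc(size_t nbytes)
{
    void *p = malloc(nbytes ? nbytes : 1);  /* malloc(0) may legally return NULL */
    if (p == NULL)
        msAllocFailure("msSmallAlloc", nbytes);
    return p;
}

void *msSmallCalloc(size_t count, size_t size)
{
    void *p = calloc(count ? count : 1, size ? size : 1);
    if (p == NULL)
        msAllocFailure("msSmallCalloc", count * size);
    return p;
}

char *msStrdup(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = msSmallAlloc(len);  /* never NULL: failure already exited */
    memcpy(copy, s, len);
    return copy;
}

/* Large allocation (e.g. an RGBA image buffer): plain malloc(), failure is
 * reported to the caller as a status so one request can fail without
 * taking the process down. The overflow guard keeps width*height*4 honest. */
int msAllocImageBuffer(size_t width, size_t height, unsigned char **out)
{
    *out = NULL;
    if (height != 0 && width > SIZE_MAX / 4 / height)
        return MS_FAILURE;                     /* size would wrap around */
    *out = malloc(width * height * 4);
    return *out != NULL ? MS_SUCCESS : MS_FAILURE;
}
```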
