From: Mark Mitchell <mark@codesourcery.com>
To: DJ Delorie <dj@redhat.com>
Cc: gdb@sources.redhat.com, gdb-patches@sources.redhat.com, ian@airs.com
Subject: Re: PATCH: Do not call xmalloc_failed in expandargv
Date: Tue, 27 Sep 2005 18:33:00 -0000 [thread overview]
Message-ID: <43398C31.5000303@codesourcery.com> (raw)
In-Reply-To: <200509271623.j8RGNDDA017974@greed.delorie.com>
DJ Delorie wrote:
>>xmalloc is in libiberty, and it calls xmalloc_failed when it fails,
>>which itself calls xexit. That's the source of the idiom; I was
>>just trying to be consistent.
>
>
> I don't feel strongly about it. I bring it up only to cover all
> possibilities. I guess if you run out of memory in the first
> allocation after main starts, you're screwed anyway. Er... don't
> expect fputs() to work if you're out of memory at that point; it won't
> be able to allocate stdio buffers. write(2,...) would be safer, if
> less portable.
xmalloc_failed uses fprintf, which is surely at least as likely as
fprintf to allocate memory. And, write(2, ...) is also considered
unsafe; we had this argument in the context of libstdc++ a while back.
(Some applications close file descriptor 2, and then open some other
file, which happens to be assigned descriptor 2.) You can avoid this if
you mandate that all applications using libiberty make sure that file
descriptor 2 is stderr.
Anyhow, it seems weird to change expandargv if we don't change
xmalloc_failed.
> Hmmm... dupargv calls malloc(), not xmalloc(). expandargv calls
> xmalloc(), but that's the only call to xmalloc in that file. I wonder
> if we're looking at the wrong idiom for this file?
In my original patch, expandargv returned an error code, or, actually,
the name of the file it couldn't read. IIRC, you asked me to remove
that, so that callers would require as few changes as possible. In
practice, we're typically going to call expandargv() exactly once, at
the top of main. Bombing out fatally doesn't seem bad to me in this
case; applications aren't going to be very likely to recover.
It seems like we're worrying about a very low-probability situation. If
we find an application that really wants to recover from "@foo" being
too big, we can always change expandargv to ignore the "@foo" option as
you suggested, or to return -1, or some such.
Of course, if you do want me to make this change, I will.
--
Mark Mitchell
CodeSourcery, LLC
mark@codesourcery.com
(916) 791-8304
next prev parent reply other threads:[~2005-09-27 18:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-27 14:51 Mark Mitchell
2005-09-27 15:17 ` Ian Lance Taylor
2005-09-27 15:22 ` Mark Mitchell
2005-09-27 15:40 ` DJ Delorie
2005-09-27 15:46 ` Mark Mitchell
2005-09-27 18:04 ` DJ Delorie
2005-09-27 18:33 ` Mark Mitchell [this message]
2005-09-27 18:35 ` DJ Delorie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43398C31.5000303@codesourcery.com \
--to=mark@codesourcery.com \
--cc=dj@redhat.com \
--cc=gdb-patches@sources.redhat.com \
--cc=gdb@sources.redhat.com \
--cc=ian@airs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox