[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kmem_calloc and overflow checks [was Re: [PATCH] netbsd32 swapctl, round 4]
Le 02/02/2014 16:56, Taylor R Campbell a écrit :
Date: Sun, 02 Feb 2014 16:43:49 +0100
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Even functions like calloc(3) are not required to check for the overflow
themselves when you pass them (number of elements, sizeof elements).
Overflow checks are rather cumbersome in C...
Calloc(3) may not check, but we could define the semantics of
kmem_calloc to guarantee an overflow check in order to make it less
cumbersome for callers.
We are a bit sliding away from the original swap32 compat code from
Emmanuel though :)
In this case I would leave the overflow checks, as this is not a real
performance critical path.
It is more a matter of avoiding errors by cargo cult programming if the
code gets copy/pasted elsewhere but not adapted correctly.
I think that implementing "integer overflow" checks in kernel (and also
userland) functions requires to be thought about more thoroughly. It is
inconvenient to have APIs with some that do's and some that don'ts.
Main Index |
Thread Index |