This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 1/2] malloc/malloc.c: Validate SIZE passed to aligned_alloc.
- From: "Joseph S. Myers" <joseph at codesourcery dot com>
- To: Will Newton <will dot newton at linaro dot org>
- Cc: Rich Felker <dalias at aerifal dot cx>, Paul Eggert <eggert at cs dot ucla dot edu>, libc-alpha <libc-alpha at sourceware dot org>, Patch Tracking <patches at linaro dot org>
- Date: Fri, 8 Nov 2013 13:42:18 +0000
- Subject: Re: [PATCH 1/2] malloc/malloc.c: Validate SIZE passed to aligned_alloc.
- Authentication-results: sourceware.org; auth=none
- References: <527BD0C3 dot 4010607 at linaro dot org> <527BD28B dot 8090407 at cs dot ucla dot edu> <CANu=DmhAmKCaTyuF0MY9CK_HBCOvN=yzgTtaKTPppghxNStWrw at mail dot gmail dot com> <20131108042055 dot GZ24286 at brightrain dot aerifal dot cx> <CANu=DmjZxxt2E8B=bjrBS7OwW+MdT6Jc6CEwf80WRAt5nPZ6FQ at mail dot gmail dot com>
On Fri, 8 Nov 2013, Will Newton wrote:
> > I'm against unnecessary and (mildly) expensive validation of a
> > condition that the implementation is not required to validate and for
> > which the check has no purpose except for intentionally breaking
> > non-portable code.
>
> My initial interest in this came from documenting the aligned_alloc
> interface. So should we document this non-standard behaviour?
I say document only what the standard requires, but don't add extra
validation - the general practice in glibc is not to make glibc slower or
bigger for valid code by checking for conditions that can only arise when
the user's call to a glibc function means undefined behavior (this is much
the same as not checking for NULL arguments when a function's interface
doesn't allow them, for example).
--
Joseph S. Myers
joseph@codesourcery.com