[Development] QtCore missing check for memory allocation

Mathias Hasselmann mathias at taschenorakel.de
Wed Feb 25 17:36:39 CET 2015



Am 25.02.2015 um 16:48 schrieb Ulf Hermann:
> The point is this: With the current behavior you're not actually
> guaranteed to get a segfault. The client code might not access *p,
> but rather p[<some large number>], and that might hit valid memory.
> Or it might store p, do whatever funny arithmetic on it with the
> assumption that it's not 0, and run into some other incorrect
> behavior. An attacker could specifically search for such a case and
> overwrite some important piece of information like this. We don't
> want that. Q_CHECK_PTR should mean "If the pointer is 0 either throw
> an exception or abort right away. Don't just continue."

The commonly accepted solution to that problem is using memory debuggers 
like Valgrind. They are sufficiently sophisticated to tell you exactly 
where your bad pointer comes from. Ideally you have the resources to let 
your CI run your automated tests with such debugger.

Writing allocation-safe code was considered a good idea years ago. 
Sadly the people supporting that approach totally forgot that checking 
each memory allocation dramatically inflates cyclomatic complexity of 
your code, rendering it unmaintainable quickly. Have a look at libdbus 
to get an idea of the overhead allocation-safe code causes.


Ciao,
Mathias
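The distinction Ulf draws above, a null pointer that either stops the program immediately or flows on into pointer arithmetic, as an added example written for this page. This is not Qt's Q_CHECK_PTR or any other Qt source; `testMalloc`, `g_failNextAlloc`, `checkPtr`, `allocChecked` and `uncheckedIndexAddress` are hypothetical names chosen here, and the forced-failure switch stands in for a real out-of-memory condition.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <new>

// Hypothetical allocator with a switch that forces one failure, so the
// out-of-memory path can be exercised without exhausting real memory.
static bool g_failNextAlloc = false;

static void *testMalloc(std::size_t n)
{
    if (g_failNextAlloc) {
        g_failNextAlloc = false;
        return nullptr;           // simulate malloc() returning null
    }
    return std::malloc(n);
}

// The semantics asked for in the thread: a null pointer is reported right
// away (here by throwing; an abort() would serve in a no-exceptions build)
// and never continues into the caller's code. Returns p for inline use.
template <typename T>
static T *checkPtr(T *p)
{
    if (p == nullptr)
        throw std::bad_alloc();
    return p;
}

// The unchecked pattern from the quoted message: the code never reads *p,
// only p[offset]. With a null base this yields an address equal to offset,
// which may well be mapped, writable memory. The arithmetic is done on an
// integer so that the demonstration itself is not undefined behaviour.
static std::uintptr_t uncheckedIndexAddress(const unsigned char *p, std::size_t offset)
{
    return reinterpret_cast<std::uintptr_t>(p) + offset;
}

// Checked allocation: returns a zeroed buffer or throws std::bad_alloc.
// No null pointer ever escapes to the caller.
static unsigned char *allocChecked(std::size_t n)
{
    unsigned char *p = checkPtr(static_cast<unsigned char *>(testMalloc(n)));
    std::fill(p, p + n, static_cast<unsigned char>(0));
    return p;
}

// Forces one allocation failure and reports whether it surfaced as an
// exception (true) instead of a silently returned null (false).
static bool allocFailureIsCaught(std::size_t n)
{
    g_failNextAlloc = true;
    try {
        unsigned char *p = allocChecked(n);
        std::free(p);
        return false;             // not reached: the failure was forced
    } catch (const std::bad_alloc &) {
        return true;
    }
}

int main()
{
    // Unchecked: a null base plus a large index looks like a usable address.
    std::printf("null + 0x1000 -> %#lx\n",
                static_cast<unsigned long>(uncheckedIndexAddress(nullptr, 0x1000)));

    // Checked: the forced failure is caught before any index is computed.
    std::printf("failure caught as exception: %s\n",
                allocFailureIsCaught(64) ? "yes" : "no");

    unsigned char *buf = allocChecked(64);
    std::printf("buf[63] after checked alloc: %u\n", buf[63]);
    std::free(buf);
    return 0;
}
```

The point of `uncheckedIndexAddress` is only to make the arithmetic visible: with a null base the "pointer" the client code ends up with is whatever the index was, and nothing about it looks wrong to the code that dereferences it later. `checkPtr` converts that into a failure at the allocation site, which is also where a memory debugger would otherwise have to reconstruct it from.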