[Development] QtCore missing check for memory allocation
mathias at taschenorakel.de
Wed Feb 25 17:36:39 CET 2015
On 25.02.2015 at 16:48, Ulf Hermann wrote:
> The point is this: With the current behavior you're not actually
> guaranteed to get a segfault. The client code might not access *p,
> but rather p[<some large number>], and that might hit valid memory.
> Or it might store p, do whatever funny arithmetic on it with the
> assumption that it's not 0, and run into some other incorrect
> behavior. An attacker could specifically search for such a case and
> overwrite some important piece of information like this. We don't
> want that. Q_CHECK_PTR should mean "If the pointer is 0 either throw
> an exception or abort right away. Don't just continue."
The commonly accepted solution to that problem is using memory debuggers
like Valgrind. They are sufficiently sophisticated to tell you exactly
where your bad pointer comes from. Ideally you have the resources to let
your CI run your automated tests with such debugger.
Writing allocation-safe code was considered a good idea years ago.
Sadly the people supporting that approach totally forgot that checking
each memory allocation dramatically inflates cyclomatic complexity of
your code, rendering it unmaintainable quickly. Have a look at libdbus
to get an idea of the overhead allocation-safe code causes.
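The failure mode Ulf describes above, as an added example that is not code from this thread or from Qt: an allocation that can return null is handed back unchecked, the caller adds an offset, and a later null test no longer catches it; beside it, a checked-pointer helper modelled on the "throw or abort right away" semantics asked of Q_CHECK_PTR. The allocator switch, the `check_ptr` template and the `Buffer` type are assumptions made for the example, and the out-of-range address is computed as an integer so the code itself never dereferences or forms an invalid pointer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <new>

// Example-only allocator stand-in: when g_fail_allocs is set it returns
// nullptr, simulating an out-of-memory condition. Not Qt's allocator.
static bool g_fail_allocs = false;

static void *try_alloc(std::size_t n) {
    if (g_fail_allocs) return nullptr;
    return std::malloc(n);
}

// Hypothetical checked-pointer helper with the semantics the thread asks for:
// a null result never reaches the caller; it throws immediately.
template <typename T>
T *check_ptr(T *p) {
    if (p == nullptr) throw std::bad_alloc();
    return p;
}

// Example-only buffer type.
struct Buffer {
    std::uint8_t *data;
    std::size_t size;
};

// Unchecked variant: a possibly-null pointer is returned as if it were valid.
Buffer make_buffer_unchecked(std::size_t n) {
    return Buffer{static_cast<std::uint8_t *>(try_alloc(n)), n};
}

// Checked variant: allocation failure surfaces at the allocation site.
Buffer make_buffer_checked(std::size_t n) {
    return Buffer{check_ptr(static_cast<std::uint8_t *>(try_alloc(n))), n};
}

// Address a caller would touch for data[index], computed as an integer so
// this example never forms or dereferences an out-of-range pointer.
std::uintptr_t element_address(const Buffer &b, std::size_t index) {
    return reinterpret_cast<std::uintptr_t>(b.data) + index;
}

// A "late" null test applied after the caller has already added an offset:
// with a null base and a large index the address is nonzero, so the test
// passes and the access would land wherever that address happens to point.
bool late_check_passes(const Buffer &b, std::size_t index) {
    return element_address(b, index) != 0;
}

// Returns true if the checked variant refuses a failed allocation.
bool checked_variant_throws_on_failure(std::size_t n) {
    try {
        Buffer b = make_buffer_checked(n);
        std::free(b.data);
        return false;
    } catch (const std::bad_alloc &) {
        return true;
    }
}

int main() {
    g_fail_allocs = true;
    Buffer b = make_buffer_unchecked(64);
    std::cout << "unchecked: base null=" << (b.data == nullptr)
              << ", late check at index 0 passes=" << late_check_passes(b, 0)
              << ", at index 0x10000 passes=" << late_check_passes(b, 0x10000)
              << '\n';
    std::cout << "checked: throws on failure="
              << checked_variant_throws_on_failure(64) << '\n';
    g_fail_allocs = false;
    Buffer ok = make_buffer_checked(64);
    std::cout << "checked: valid pointer on success=" << (ok.data != nullptr)
              << '\n';
    std::free(ok.data);
    return 0;
}
```

The point the example makes is that a null base pointer is only detectable at the moment it is produced; once arithmetic has been done on it, `p != nullptr` tests downstream are satisfied and the eventual access is at an attacker-influenceable address, which is why the check belongs at the allocation site.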