Date: Wed, 20 Jun 2012 14:23:32 -0700
From: Colin Percival <cperciva@freebsd.org>
To: Warner Losh <wlosh@bsdimp.com>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Eitan Adler <eadler@freebsd.org>, Bruce Evans <brde@optusnet.com.au>
Subject: Re: svn commit: r237286 - head/lib/libc/gen
Message-ID: <4FE23F54.5060409@freebsd.org>
In-Reply-To: <690DF487-F7CB-421E-B6BC-F7CE6BC0F658@bsdimp.com>
References: <201206200638.q5K6cg7u024024@svn.freebsd.org> <20120621015220.J2636@besplex.bde.org> <4FE1FC23.9000904@freebsd.org> <690DF487-F7CB-421E-B6BC-F7CE6BC0F658@bsdimp.com>
On 06/20/12 14:15, Warner Losh wrote:
> On Jun 20, 2012, at 10:36 AM, Colin Percival wrote:
>> On 06/20/12 09:27, Bruce Evans wrote:
>>> On Wed, 20 Jun 2012, Eitan Adler wrote:
>>>> Log:
>>>> Don't close an uninitialized descriptor. [1]
>>>> Add a sanity check for the validity of the passed fd.
>>>
>>> Library functions shouldn't use assert() or abort().
>>
>> Why not?
>
> We've tried to avoid things that make the library dump core...

You mean, we avoid it except in the places where we don't?

It seems to me that dumping core is exactly the right way to handle a
"can't ever happen" situation inside libc -- just like the ~250 instances
of assert() in jemalloc.

If you mean "passing an invalid parameter to a library function shouldn't
result in a core dump", I agree -- but that's not the case here.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
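The distinction drawn in this reply (an invalid caller-supplied fd is an error to report, a violated internal invariant is a bug worth a core dump) and the two points of the commit log (never close an uninitialized descriptor, sanity-check the passed fd), as an added illustration that is not the r237286 change or any libc code; `struct resource`, `fd_is_valid`, `resource_attach` and `resource_close` are hypothetical names:

```c
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
/* Hypothetical state: fd starts at -1, never 0, so an uninitialized descriptor
 * can never be mistaken for stdin and closed by accident. */
struct resource { int fd; int opened; /* set once an fd was attached */ };
void resource_init(struct resource *r) { r->fd = -1; r->opened = 0; }

/* Caller-supplied descriptor: bad input is an error (EBADF), not an abort. */
int fd_is_valid(int fd)
{
    if (fd >= 0 && fcntl(fd, F_GETFD) != -1)
        return 1;
    errno = EBADF;
    return 0;
}

/* Returns 0 on success, -1 with errno = EBADF for an invalid caller fd. */
int resource_attach(struct resource *r, int fd)
{
    if (!fd_is_valid(fd))
        return -1;
    r->fd = fd;
    r->opened = 1;
    return 0;
}

/* Never close(-1).  The assert guards an internal invariant (opened implies
 * fd >= 0) that no caller input can break; if it fires, the library itself
 * is broken and dumping core is the right outcome. */
int resource_close(struct resource *r)
{
    int rc;
    if (!r->opened) return 0;      /* nothing opened, nothing to close */
    assert(r->fd >= 0);
    rc = close(r->fd);
    resource_init(r);
    return rc;
}

/* Exercises both paths on a pipe; returns 1 when every behaviour holds. */
int self_check(void)
{
    struct resource r; int p[2];
    resource_init(&r);
    if (resource_close(&r) != 0) return 0;
    if (resource_attach(&r, -1) != -1 || errno != EBADF) return 0;
    if (pipe(p) != 0 || resource_attach(&r, p[0]) != 0) return 0;
    if (resource_close(&r) != 0 || fd_is_valid(p[0])) return 0;
    return close(p[1]) == 0;
}
```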