From owner-cvs-all  Wed Apr  3 15:24:11 2002
Delivered-To: cvs-all@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.6])
	by hub.freebsd.org (Postfix) with ESMTP
	id AE7BA37B426; Wed,  3 Apr 2002 15:23:02 -0800 (PST)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g33NN1x24669;
	Wed, 3 Apr 2002 18:23:01 -0500 (EST)
Date: Wed, 3 Apr 2002 18:23:01 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: Mike Barcroft <mike@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, <cvs-all@FreeBSD.org>,
	Garrett Wollman <wollman@FreeBSD.org>
Subject: Re: malloc.h--cheaper by the dozen?
In-Reply-To: <20020331023459.G81971@espresso.q9media.com>
Message-ID: <20020331033829.Q20524-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

Mike Barcroft wrote:

> Trevor Johnson <trevor@jpj.net> writes:
> > When the user attempts to compile a program which uses gets() in
> > compliance with modern ANSI and ISO standards, the user receives a gentle
> > slap (a warning).  The program compiles successfully, but the user is
> > informed that a security hole was probably opened.  When the user attempts
> > to compile a program that was written according to an old man page from
> > Ultrix [1], SunOS [2], Solaris [3], or AIX [4]--some of which predated the
> > ANSI and ISO standards--the user receives a hard slap (an error).  The
> > Open Group seems to say that the presence of malloc.h is not required but
> > neither prohibited nor deprecated [5].
>
> We don't support pre-ANSI C in 5.0-CURRENT.

Not supporting is one thing; actively sabotaging is another. Simply not
having the header would be a more friendly way to not support it.  Is
there an advantage to generating an error?  I don't see it.  We don't even
save the one inode that we would save by not having a malloc.h at all.

> Software developers have had over a decade to update their software to
> more modern versions of C; I have no sympathy for them.

There's every likelihood that the authors of those programs no longer
maintain them, that they don't care whether their code complies with
standards, or that they don't care about FreeBSD.  Still, their work may
be of use to FreeBSD users, who are the ones getting the error.

The Solaris version I mentioned dates from 1996.  The header is present in
post-C89 versions of HP/UX
(http://www.informatik.uni-frankfurt.de/doc/man/hpux/malloc.3c.html) and
Tru64 (http://btrcx1.cip.uni-bayreuth.de/cgi-bin/manpages/malloc/3) as
well as BSD/OS and FreeBSD 4.X.  The GNU libc contains it to this day
(http://www.delorie.com/gnu/docs/glibc/libc_29.html).  They say it is from
the SVID and XPG standards (although I could not find it in the SVID which
Caldera offers for download).  Programs which do

	#if HAVE_USR_INCLUDE_MALLOC_H
	#include "/usr/include/malloc.h"

are likely to fall into the booby trap.  If the header were just removed
entirely, they could recover.
-- 
Trevor Johnson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message