svn commit: r237286 - head/lib/libc/gen

Colin Percival cperciva at freebsd.org
Wed Jun 20 21:24:17 UTC 2012


On 06/20/12 14:15, Warner Losh wrote:
> On Jun 20, 2012, at 10:36 AM, Colin Percival wrote:
>> On 06/20/12 09:27, Bruce Evans wrote:
>>> On Wed, 20 Jun 2012, Eitan Adler wrote:
>>>> Log:
>>>> Don't close an uninitialized descriptor. [1]
>>>> Add a sanity check for the validity of the passed fd.
>>>
>>> Library functions shouldn't use assert() or abort().
>>
>> Why not?
> 
> We've tried to avoid things that make the library dump core...

You mean, we avoid it except in the places where we don't?  It seems to me
that dumping core is exactly the right way to handle a "can't ever happen"
situation inside libc -- just like the ~250 instances of assert() in jemalloc.

If you mean "passing an invalid parameter to a library function shouldn't
result in a core dump", I agree -- but that's not the case here.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
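As an added example (not code from r237286 or from anyone in this thread), the distinction Colin draws written out in C: a caller-supplied descriptor that turns out to be invalid is a caller error and is reported with EBADF, while a descriptor the library itself never initialized is a "can't ever happen" condition guarded by assert(). All names here (struct handle, handle_attach, handle_close, FD_UNSET) are hypothetical, and the only assumed platform facts are POSIX fcntl(F_GETFD) and /dev/null.

```c
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#define FD_UNSET (-1)               /* sentinel: descriptor never attached */
struct handle { int fd; };

/* Caller-supplied fd: an invalid one is the caller's mistake, so report
 * EBADF instead of dumping core; fcntl(F_GETFD) is a cheap validity probe. */
static int fd_is_valid(int fd)
{
    return fd >= 0 && fcntl(fd, F_GETFD) != -1;
}
int handle_attach(struct handle *h, int fd)
{
    if (!fd_is_valid(fd)) { errno = EBADF; return -1; }
    h->fd = fd;
    return 0;
}
/* Closing a handle that was never attached is a bug inside the library:
 * the "can't ever happen" case where assert() is the right tool. */
int handle_close(struct handle *h)
{
    int rc;
    assert(h->fd != FD_UNSET);
    rc = close(h->fd);
    h->fd = FD_UNSET;               /* never leave a dangling descriptor */
    return rc;
}
/* Constructed input: a stale fd (opened, then closed) must be rejected.
 * Returns the errno the library reported; expected EBADF. */
int demo_stale_fd(void)
{
    struct handle h = { FD_UNSET };
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1 || close(fd) != 0 || handle_attach(&h, fd) == 0)
        return -1;
    return errno;
}
/* Happy path: attach a live fd, close it via the handle, then confirm the
 * kernel no longer knows the descriptor. Returns 0 on success. */
int demo_live_fd(void)
{
    struct handle h = { FD_UNSET };
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1 || handle_attach(&h, fd) != 0 || handle_close(&h) != 0)
        return -1;
    return (fcntl(fd, F_GETFD) == -1 && errno == EBADF) ? 0 : -1;
}
```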

