httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: Replacement for mktemp and httpd_monitor
Date Fri, 22 Dec 1995 15:17:00 GMT
>Strings should be malloced at run time, avoids problems with
>fixed length buffers and reduces the executable image...

Errr, no; not unless your linker is broken.

> and generally make better use of memory.

Not necessarily. Yes, you get some wastage with static strings, but you don't
get any problems with fragmentation of your heap -- that wastes memory too.
(Although not in Apache as currently designed; but it would be a problem
for a multi-threaded daemon.) In fact, alloca(), i.e. allocation on a stack,
would be best for Apache.

>Also makes security holes with sprintf a non-issue because strings aren't on
>the stack. It'd also make string overflows rather obvious because the thing
>will SIGSEGV.

Very bogus. This reminds me of a claim made by a data processing manager from
Halifax Building Society in a UK court: `We know there are no bugs in our
program because it is written in IBM/370 assembler, and if we makes a mistake
it abends.' (IBM 0C4 abend is eqivalent to SIGSEGV. IBM error manual
nostalgia: 'OC4 abend; Cause: progammer error. Fix: fix the bug and recompile')

 David.

Mime
View raw message