Re: dm-integrity: fix inefficient allocation of stack space

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Thu, 20 Jul 2017, John Stoffel wrote:

> Mikulas> In the early days when I was programming, I was adding checks for NULL 
> Mikulas> pointers "just in case - so that it doesn't crash". But these checks 
> Mikulas> didn't make the code any more understandable - they made the code less 
> Mikulas> understandable - because if a function return value is checked for NULL, 
> Mikulas> the programmer believes that the function could return NULL. And the 
> Mikulas> programmer no longer knows what is the contract of the function - could 
> Mikulas> the function really return NULL or not?
> 
> In this case, maybe it would make more sense to clamp the values to
> the maximums in case they do exceed their limits?  The check is
> simply:
> 
>     if (unlikely(section >= ic->journal_sections) ||
> 	 unlikely(offset >= limit)) {
> 
> So I'm arguing that when you set the section or offset, shouldn't they
> be clamped to their limits there?
> 
> Thanks for your time,
> John

Returning invalid data is directly against the purpose of the dm-integrity 
target.

If you think that clamping array indices that are out of range improves 
software reliability - so write some program that uses this technique and 
we will see how reliable or unreliable it is. You can persuade people by 
writing software, you can't persuade them by preaching what should they 
do.

Mikulas

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel



[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux