On Wed, Sep 1, 2010 at 6:15 AM, Graham Leggett <minf...@sharp.fm> wrote:
> On 01 Sep 2010, at 6:07 AM, dave b wrote:
>
>> What is the rationale behind not checking the return value of
>> apr_palloc and apr_pcalloc?
>
> The rationale is to not be forced to check for and handle hundreds of
> potential failure cases when you're probably doomed anyway.

probably more than hundreds ;)

If there's a real world scenario where allocation failures can occur and must be dealt with more gracefully than segfaulting, I suspect that you can find a pragmatic way to deal with it much more reliably than relying on each individual memory allocation to be checked (that will never be implemented perfectly, and those paths will almost never be exercised anyway).

For example, a plug-in module might be able to confirm (or fail gracefully) in an early request hook that enough memory is available to handle the expected types of requests.

Another way to look at it: If somebody had the time to add all those checks/error paths, their time would be better spent looking for situations where httpd would use a lot more memory than normal because of the way external input was received.

If there's not a repeatable real world scenario to address -- IOW you think they should be checked "just because" -- there probably won't be any sympathy here. With a particular scenario in hand there may be ideas forthcoming to deal with the situation, whether internal to the web server or external.

HTH!
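The approach suggested in this message, as an added example that is not part of the original e-mail and is not APR or httpd code: a toy capped pool routes every allocation failure to one central handler, and an early request hook rejects a request up front when the expected memory budget is not available. All names (`toy_pool`, `toy_palloc`, `early_request_hook`, `count_oom`) and the 503 status choice are assumptions made for illustration.

```c
/* Toy model only: a capped bump allocator standing in for a memory pool.
 * Every name here is hypothetical; this is not APR or httpd code. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef void (*abort_fn)(size_t wanted);
typedef struct {
    char    *base;     /* backing store, reserved once up front */
    size_t   cap, used;
    abort_fn on_fail;  /* the single, central out-of-memory handler */
} toy_pool;
enum { HOOK_OK = 0, HOOK_UNAVAILABLE = 503 };

static int toy_pool_init(toy_pool *p, size_t cap, abort_fn on_fail) {
    p->base = malloc(cap);
    p->cap = cap; p->used = 0; p->on_fail = on_fail;
    return p->base != NULL;
}

/* Call sites do not check the result: failure is reported to on_fail,
 * so the policy (log, abort, count) lives in exactly one place. */
static void *toy_palloc(toy_pool *p, size_t n) {
    size_t need = (n + 7u) & ~(size_t)7u;          /* 8-byte alignment */
    if (need < n || need > p->cap - p->used) {     /* wrap-around or exhausted */
        if (p->on_fail) p->on_fail(n);
        return NULL;
    }
    void *out = p->base + p->used;
    p->used += need;
    return out;
}

/* Early request hook: refuse the request while that is still cheap,
 * if the pool cannot cover the expected per-request budget. */
static int early_request_hook(const toy_pool *p, size_t expected_bytes) {
    return (p->cap - p->used >= expected_bytes) ? HOOK_OK : HOOK_UNAVAILABLE;
}

static size_t oom_events;   /* this demo handler only counts failures */
static void count_oom(size_t wanted) { (void)wanted; oom_events++; }

int main(void) {
    toy_pool p;
    if (!toy_pool_init(&p, 64, count_oom)) return 1;
    printf("hook before load: %d\n", early_request_hook(&p, 48));
    (void)toy_palloc(&p, 40);                      /* some other consumer */
    printf("hook under load:  %d\n", early_request_hook(&p, 48));
    (void)toy_palloc(&p, 48);                      /* reaches count_oom */
    printf("central handler calls: %zu\n", oom_events);
    free(p.base);
    return 0;
}
```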