On Sat, May 05, 2012 at 01:18:48PM +1000, David Seikel wrote: > Just ignoring the failed allocation and trying to use a NULL pointer > will likely crash you anyway, but that's just being lazy. Failing > gracefully is generally better than failing disgracefully.
Part of the problem here is that it might *not* crash depending on the code path and arguments. E.g. if you allocate a large buffer and the first thing you do with the buffer is writing to an attacker controlled offset, it can be turned into an arbitary code exploit by making the buffer size large enough that the offset effectively becomes a pointer itself. Joerg ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
