First, so that we have some numbers, libmswordlo.so debug build, but compiled with -O2 -g0 :
4627576 - without any extra checks in OUString 4625248 - with abort() 4642216 - with std::bad_alloc Yes, adding abort() there somehow makes it a tiny bit smaller, search me why. For std::bad_alloc it is 0,3% more, which may not seem much, but on the other hand it's just one tiny change in a library that actually does something, so it's not that little either. But I guess it's not enough for me to insist on the change. On Wednesday 29 of February 2012, Stephan Bergmann wrote: > However, there are also situations where bad input (malicious or > otherwise) would cause an application to request excessive amounts of > memory to do a single task (e.g., open a document), and at least in > theory the application should be able to cope with such > externally-induced OOM conditions, by abandoning the bad operation, > cleaning up after it, telling the user the operation failed, and > carrying on. The problem with this theory is that it is a theory. In practice the code should check the size first, and if it doesn't, then it presumably will not clean up properly anyway. The other problem is that OUString ctors is just one random place. The OUStringBuffer ctor, which is probably a more likely place to first hit the problem if the input handling itself is sloppy and lets the problem get past, does not bother with any such checks. So what we have now is a half-solution that is not likely to work anyway. Either we want this done properly, in which case input should be validated. Or we want it with less work but still reasonably safe, in which case all the C rtl_ustr_* functions should detect this and abort. Either case does not really need it in OUString ctors. -- Lubos Lunak l.lu...@suse.cz _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice