Orin Eman wrote:
> The point here is if a program crashes in libusb, libusb gets the
> blame.  Doesn't matter if it was a null pointer from the
> application, crash in libusb, libusb gets blamed.

At some point that may turn out to be a significant problem.

A core design value of OpenUSB is to do very careful input
validation. I guess you remember the design discussions that led
Sun to start that effort.


> Modern CPUs are so fast, there is no excuse

Performance is one aspect, code size (source rather than instructions)
is another, and there are probably more I can't think of on the spot.
I like thin as long as it works.


> It's simply defensive programming.

Very important in the kernel, less so in userspace.


> So, in the example below, there is no excuse not to check pdev.

Feel free to send a patch which adds complete input validation
everywhere in libusb (or libusbx if you prefer) - maybe one or
even both projects will pick it up. Adding a check in just one
place isn't really meaningful.


Thanks!

//Peter

_______________________________________________
libusbx-devel mailing list
libusbx-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libusbx-devel
