> This demonstrates that your patch > is clearly insufficient. Further, Vladimir's patch is clearly > insufficient too, as shown for the another patch in the same > patch series.
"Insufficient" only when compared to a hypothetical perfectly exhaustive patch that requires "huge work," as you put it. It's best not to let the perfect be the enemy of the good. Avoiding UB in normal program execution (as opposed to the test suite) will prevent common workloads from executing UB, which is not merely an issue of "theoretical correctness." See https://blog.regehr.org/archives/213 (section "A Fun Case Analysis") for an example of how this "NULL used in nonnull context" issue leads to unexpected program behavior. Thus, I think the best approach is to patch pstrdup to avoid memcpy-from-NULL, and patch other functions only if someone can present a backtrace from a real configuration of nginx that executed UB. -Ben
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
