On Wed, Jul 23, 2014 at 00:02, Mark Kettenis wrote:
> Hmm, I believe, quite strongly, that we should always panic when an
> arithmetic overflow is detected.
>
> The M_CANFAIL flag is really there to allow for failure in certain
> low-memory conditions, not to recover from programming bugs.
The current check is consistent with the existing malloc check:

	if (size > 65535 * PAGE_SIZE) {
		if (flags & M_CANFAIL) {

Which returns NULL. I don't think the overflow check is there solely to catch programming bugs. I may want to use it precisely because I want to know if two quantities overflow. Duplicating the check is wearisome and error prone when I know there's a perfectly good check in a function I'm about to call anyway.
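The behaviour being argued about, as an added userland model that is not the OpenBSD kernel's own code: a mallocarray-style allocator whose multiplication-overflow check honours M_CANFAIL the same way the existing oversize check does, returning NULL instead of panicking. The M_CANFAIL value, the PAGE_SIZE of 4096 and the names model_mallocarray, mul_overflows and model_panic are assumptions of this example.

```c
/* Added example, not the kernel's own code: a userland model of a
 * mallocarray-style allocator whose overflow check honours M_CANFAIL the
 * same way the existing oversize check does (NULL instead of panic). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define M_CANFAIL   0x0001          /* assumed flag value, for this model only */
#define PAGE_SIZE   4096            /* assumed page size, for this model only */
#define MAX_ALLOC   ((size_t)65535 * PAGE_SIZE)

/* Cheap pre-check: if both factors are below 2^(bits/2) the product cannot
 * overflow, so the division is only paid for when it might. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

static void
model_panic(const char *what, size_t nmemb, size_t size)
{
	fprintf(stderr, "panic: %s: overflow %zu * %zu\n", what, nmemb, size);
	abort();
}

/* Returns 1 if nmemb * size does not fit in a size_t, 0 otherwise. */
int
mul_overflows(size_t nmemb, size_t size)
{
	return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* With M_CANFAIL both the overflow case and the oversize case become a NULL
 * return the caller can test for; without it, the caller asked to panic. */
void *
model_mallocarray(size_t nmemb, size_t size, int flags)
{
	size_t total;

	if (mul_overflows(nmemb, size)) {
		if (flags & M_CANFAIL)
			return NULL;
		model_panic("mallocarray", nmemb, size);
	}
	total = nmemb * size;
	if (total > MAX_ALLOC) {            /* the existing malloc check */
		if (flags & M_CANFAIL)
			return NULL;
		model_panic("malloc", nmemb, size);
	}
	return malloc(total);
}
```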