[vlc-devel] [vlc-commits] commit: httpd: gracefully handle too large request bodies (Pierre Ynard )

Pierre Ynard linkfanel at yahoo.fr
Sat Dec 11 02:06:44 CET 2010

> > httpd: gracefully handle too large request bodies
> > 
> > Return a 413 error instead of crashing
> That won't really work the way you'd want though.
> malloc() returns NULL if it's out of address space, but it does not
> usually return NULL if it's out of memory.

I'm aware.

> So in practice, this will catch ridiculously large Content-Length
> such as 2 gigabytes, but not large requests such as a few hundred
> megabytes.

You wish, I had to exhaust 4 petabytes of address space before my VLC

> Instead, the process will get killed later when it tries to write and
> taint new memory pages.

At least an attacker has to actually do some work to trigger a crash

There must be a rationale why this is desirable behavior from the OS?
Is this kind of memory allocation bad practice? Would it be better to
gradually realloc() the buffer while it's filled?

Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."

More information about the vlc-devel mailing list