[vlc-devel] [PATCH] vlc_strftime: avoid infinite loop on windows when format string is invalid
Rémi Denis-Courmont
remi at remlab.net
Thu Jan 25 19:10:26 CET 2018
On Thursday, 25 January 2018, 19:35:55 EET, Romain Vimont wrote:
> On Thu, Jan 25, 2018 at 06:43:42PM +0200, Rémi Denis-Courmont wrote:
> > We can intrinsically not handle UB and therefore we do not handle UB, at
> > least not post-facto. Where practical and useful, you can add post-facto
> > assertions to aid in debugging - nothing else.
>
> I agree with you, in theory we can just ignore UB.
I did not state that we CAN ignore UB. I stated that we MUST ignore UB.
By definition.
After UB, the only thing that vaguely makes sense is aborting, typically done
with assert().
> But here, the current vlc_strftime() implementation may transform an
> error (with errno set) to an infinite loop, which is not very
> debug-friendly.
UB is not debug-friendly in the first place and clobbering errno is not
friendly to debug and tracing either.
> To always avoid an infinite loop, one possibility could be to double the
> buffer size on each iteration (instead of increasing linearly), and
> limit to, say, 10 iterations, failing with an error otherwise.
We already handle the empty string case.
--
雷米‧德尼-库尔蒙
https://www.remlab.net/
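
The bounded-retry idea from the quoted proposal (double the buffer on each iteration, stop after 10 attempts, fail otherwise), as an added example; it is not code from the patch or from VLC. The name `bounded_strftime` and the 64-byte starting size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define STRFTIME_MAX_TRIES 10   /* iteration cap from the quoted proposal */
#define STRFTIME_FIRST_SIZE 64  /* assumed starting size */

/* Hypothetical helper, not vlc_strftime(): formats tm into a malloc'd string.
 * strftime() returns 0 both when the buffer is too small and when it fails,
 * so the two cases cannot be told apart from the return value alone. The
 * loop is therefore bounded: the buffer doubles each round and the function
 * returns NULL after STRFTIME_MAX_TRIES rounds instead of spinning. */
char *bounded_strftime(const char *fmt, const struct tm *tm)
{
    if (fmt == NULL || tm == NULL)
        return NULL;
    if (*fmt == '\0')            /* empty format: 0 bytes is a valid result */
        return calloc(1, 1);

    size_t size = STRFTIME_FIRST_SIZE;
    for (int i = 0; i < STRFTIME_MAX_TRIES; i++, size *= 2) {
        char *buf = malloc(size);
        if (buf == NULL)
            return NULL;
        if (strftime(buf, size, fmt, tm) > 0)
            return buf;          /* formatted and NUL-terminated */
        free(buf);               /* too small or failed: retry larger */
    }
    return NULL;                 /* gave up after the last (32 KiB) attempt */
}

int main(void)
{
    /* Constructed sample date: 2018-01-25 */
    struct tm t = {0};
    t.tm_year = 118;
    t.tm_mday = 25;

    char *s = bounded_strftime("%Y-%m-%d", &t);
    printf("%s\n", s ? s : "(error)");
    free(s);
    return 0;
}
```

A format whose output is legitimately empty is reported as an error after the last attempt, since it is indistinguishable from a failure here.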