On 06/20/12 14:15, Warner Losh wrote:
> On Jun 20, 2012, at 10:36 AM, Colin Percival wrote:
>> On 06/20/12 09:27, Bruce Evans wrote:
>>> On Wed, 20 Jun 2012, Eitan Adler wrote:
>>>> Log:
>>>> Don't close an uninitialized descriptor. [1]
>>>> Add a sanity check for the validity of the passed fd.
>>>
>>> Library functions shouldn't use assert() or abort().
>>
>> Why not?
>
> We've tried to avoid things that make the library dump core...

You mean, we avoid it except in the places where we don't?

It seems to me that dumping core is exactly the right way to handle a "can't ever happen" situation inside libc -- just like the ~250 instances of assert() in jemalloc.

If you mean "passing an invalid parameter to a library function shouldn't result in a core dump", I agree -- but that's not the case here.

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid