On tridi 3 Germinal, year CCXXIII, Luca Barbato wrote:
> Thus you assume that the best way to manage it is by crashing...

When all other options are worse, yes.

> You are putting a `if (!condition) abort()`, this in itself is a crash.
>
> So you are adding a crash that might or might not happen instead of a normal
> failure path that boils down usually to a
>
> if (!condition) return foo;

There is something you still do not seem to realize: if your stack is corrupted, abort() is just a crash, anything else is a security issue, including "return foo".

> I do care about Denial of Service and that's why I'm slowly removing all of
> this.

Replacing them by untested dead code.

> You are in a false dichotomy, you want to have a crash of a specific kind
> instead of another because you know that your code is/might be wrong.

Someone who does not know that his code is/might be wrong is an idiot. I do not think you are an idiot, so please act like it.

An assert is exactly that: an assert means "I am sure my code is right, but errare humanum est, and if it happens to be wrong a crash is better than a security issue." What part of this would you want to refute?

Regards,

-- 
  Nicolas George
_______________________________________________
libav-devel mailing list
https://lists.libav.org/mailman/listinfo/libav-devel
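The distinction argued over in this message, as an added C example (not part of the original e-mail and not Libav code): a condition that untrusted input can trigger gets an error return, while an internal invariant that can only fail if the code is wrong or memory is already corrupted stops the process. `Ctx`, `ctx_fill`, `ctx_sum`, `INVARIANT` and `sum_in_child` are hypothetical names, and the POSIX `fork` harness exists only to observe the abort.

```c
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical decoder state; every name in this block is illustrative. */
typedef struct { uint8_t buf[16]; size_t len; } Ctx;

/* Fail-stop check that stays compiled in (plain assert() vanishes under NDEBUG). */
#define INVARIANT(cond) do { if (!(cond)) abort(); } while (0)

/* Untrusted input: an oversized length is an expected condition, so it is
 * reported through the normal failure path and the state is left untouched. */
int ctx_fill(Ctx *c, const uint8_t *src, size_t n)
{
    if (n > sizeof(c->buf))
        return -1;
    memcpy(c->buf, src, n);
    c->len = n;
    return 0;
}

/* Internal state: ctx_fill() guarantees len <= sizeof(buf). If that no longer
 * holds, the state cannot be trusted, so stop instead of reading out of bounds. */
int ctx_sum(const Ctx *c)
{
    int sum = 0;
    INVARIANT(c->len <= sizeof(c->buf));
    for (size_t i = 0; i < c->len; i++)
        sum += c->buf[i];
    return sum;
}

/* Run ctx_sum() in a child process; return the signal that killed it,
 * 0 if it exited normally, or -1 if fork/waitpid failed. */
int sum_in_child(const Ctx *c)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) { (void)ctx_sum(c); _exit(0); }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}
```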
