At 18:35 29-08-01, Walter Franzini wrote:
>Zeev Suraski <[EMAIL PROTECTED]> writes:
> > At 14:57 29-08-01, Walter Franzini wrote:
> > > From the extension (the user of kernel services) pov I must disagree.
> >>But obviusly I'missing something :-)
> >
> > I don't see why there's a difference.
>Maybe the difference is not ZE vs. extension but internal vs. external
>data, where external means coming from the outside of PHP/Zend.
>If you try to allocate memory for data that come from the outside (the
>browser, a db) you should fail gracefully: a malicious user can send
>to your app a huge amount of data only to make it crash.

But it does not crash.  It exits, which is the safest thing you can do.

> >From the user point of view an application that exit without a message
>is crashed, no matter how controlled the shutdown is.
>Is this a reasonable scenario?

Given the fact that a failed malloc() can often mean that the situation is 
*really* bad, the best thing to do would be exiting.  Doing anything else, 
such as printing things out, etc., is dangerous, as it may result in a 
crash.  We can argue as to what to do in case we run out of memory - but 
what you were suggesting is not doing anything, and move the responsibility 
for the users of the memory manager.  No matter how I look at it, that's a 
bad thing.

>"Ehi, I can't allocate the memory needed to store a refcount.  It's
>time to exit!!"
>seems reasonable to me.

Due to the reasons I gave in my previous letter, I disagree.


PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to