At 18:35 29-08-01, Walter Franzini wrote:
>Zeev Suraski <[EMAIL PROTECTED]> writes:
>
> > At 14:57 29-08-01, Walter Franzini wrote:
> > > From the extension (the user of kernel services) pov I must disagree.
> >>But obviusly I'missing something :-)
> >
> > I don't see why there's a difference.
>
>Maybe the difference is not ZE vs. extension but internal vs. external
>data, where external means coming from the outside of PHP/Zend.
>
>If you try to allocate memory for data that come from the outside (the
>browser, a db) you should fail gracefully: a malicious user can send
>to your app a huge amount of data only to make it crash.
But it does not crash. It exits, which is the safest thing you can do.
> >From the user point of view an application that exit without a message
>is crashed, no matter how controlled the shutdown is.
>
>Is this a reasonable scenario?
Given the fact that a failed malloc() can often mean that the situation is
*really* bad, the best thing to do would be exiting. Doing anything else,
such as printing things out, etc., is dangerous, as it may result in a
crash. We can argue as to what to do in case we run out of memory - but
what you were suggesting is not doing anything, and move the responsibility
for the users of the memory manager. No matter how I look at it, that's a
bad thing.
>But
>
>"Ehi, I can't allocate the memory needed to store a refcount. It's
>time to exit!!"
>
>seems reasonable to me.
Due to the reasons I gave in my previous letter, I disagree.
Zeev
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
