
Re: [RFC] Replacement for "assert" in the libraries

From: Vincent Lefevre <vincent+svn_at_vinc17.org>
Date: Mon, 16 Jun 2008 14:34:15 +0200

On 2008-06-13 18:43:23 +0100, Julian Foad wrote:
> The CHANGE from current behaviour to new behaviour when this macro is
> substituted for current uses of assert() (in places where it can be
> substituted without further changes) is:
>
> * if a bug is encountered that triggers one of these assertions,
> the program will now stop through Subversion's error reporting
> mechanism instead of by aborting, except that:
>
> * in cases where the software is designed to catch svn_error_t
> error objects, it may now ignore the error or do something other
> than the default of reporting the error and stopping.

How about the security point of view? The failed assertion could come
from some memory corruption (e.g. after a buffer overflow, possibly
due to data from a malicious user). In such a case, aborting ASAP
would be a better solution than running the risk of letting the
software behave erratically.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
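To make the trade-off concrete, here is a small C model of the proposal under discussion: a check macro that, instead of calling assert(), hands the failure to a configurable policy that either aborts or turns it into a returnable error. This is an added illustration, not Subversion's own code; demo_error_t, DEMO_ASSERT, set_malfunction_handler and checked_copy are constructed names. The last function shows the case Vincent raises: a caller that catches the error and keeps running past a violated invariant.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for an svn_error_t-style object; NULL means success. */
typedef struct demo_error_t {
    int code;
    const char *msg;
    const char *file;
    long line;
} demo_error_t;

typedef demo_error_t *(*malfunction_handler_t)(const char *expr,
                                               const char *file, long line);

/* Policy 1: behave like plain assert() and stop immediately. */
static demo_error_t *abort_on_malfunction(const char *expr,
                                          const char *file, long line)
{
    fprintf(stderr, "%s:%ld: internal malfunction: %s\n", file, line, expr);
    abort();
}

/* Policy 2: report the failure through the error mechanism instead. */
static demo_error_t *raise_on_malfunction(const char *expr,
                                          const char *file, long line)
{
    demo_error_t *err = malloc(sizeof *err);
    err->code = 1; err->msg = expr; err->file = file; err->line = line;
    return err;
}

static malfunction_handler_t current_handler = abort_on_malfunction;
static void set_malfunction_handler(malfunction_handler_t h) { current_handler = h; }

/* Replacement for assert(): on failure, defer to the installed policy. */
#define DEMO_ASSERT(expr) \
    do { if (!(expr)) return current_handler(#expr, __FILE__, __LINE__); } while (0)

/* Library routine guarding an invariant; a corrupted length fires the check. */
static demo_error_t *checked_copy(char *dst, size_t dstlen, const char *src)
{
    DEMO_ASSERT(strlen(src) < dstlen);
    memcpy(dst, src, strlen(src) + 1);
    return NULL;
}

/* A caller that swallows the error and continues: returns 1 if it did so. */
static int caller_that_ignores_errors(void)
{
    char buf[8];
    demo_error_t *err = checked_copy(buf, sizeof buf, "this string is too long");
    if (err) { free(err); return 1; }   /* carries on with buf uninitialised */
    return 0;
}
```

With the default abort policy the second call never returns; only after set_malfunction_handler(raise_on_malfunction) does the caller get to decide, which is exactly the behavioural change the RFC describes.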
Received on 2008-06-16 14:34:32 CEST

This is an archived mail posted to the Subversion Dev mailing list.
