

This is the exploit equivalent of that guy who played the perfect game (2008) - req2
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/

======
alexgartrell
Someone makes an argument against checking malloc, talking about the overhead
it adds.

Does anyone have a problem with using a malloc wrapper?

    
    
      void *Malloc(size_t size) {
        void *r = malloc(size);
    
        if(r == NULL)
          /* do things to quit the app */
    
        return r;
      }
    

edit: yay for " " code blocks. Hacker News++

edit again: I wasn't clear. I meant overhead in terms of lines of code it
added. I'm asking if it makes sense to wrap it up in a nice upper-case call
that just terminates the program if the worst happens.

~~~
ianbishop
From my understanding, his problem was that the malloc wrapper being used not
only checked but also returned -1 if it was null (I assume some other
arbitrary number otherwise) which would add extra computation time.

Out of curiosity, I have always used assert to do malloc null checks. I
realize it is just a macro which gives a conditional to exit but is at all
hindering in terms of performance?

eg:

    
    
      void *Malloc(size_t size) {
    
        void *r = malloc(size);
        assert(r != null);
    
        return r;
      }

~~~
dbenamy
That's probably the same as the non-assert check EXCEPT that release builds
might disable assertions and then you're in trouble.

~~~
basugasubaku
Right. Plus as a matter of style, assertions are traditionally distinguished
from error handling. Assertions are used to catch programmer errors; error
handling is for when something happens that is nevertheless within the
contract of the library (malloc can return NULL, fopen can return NULL, etc).

------
mikeryan
This is a dupe and over a year old

<http://news.ycombinator.com/item?id=164725>

~~~
req2
Apologies. I'm new to using searchyc and didn't expect it to miss the URL.

[http://searchyc.com/submissions/http%253A%252F%252Fwww.matas...](http://searchyc.com/submissions/http%253A%252F%252Fwww.matasano.com%252Flog%252F1032%252Fthis-
new-vulnerability-dowds-inhuman-flash-exploit%252F)

------
swolchok
Am I on Reddit? Seriously, what's with the headline?

