I think the current default for malloc sanity checking should be changed to warn but not abort. I think if the current code hits stable we'll be flooded with angry users when their apps crash. It's best that these things are logged so we can see them, but I don't think we should default to killing stuff. I'll attach a patch to the ebuild to add some flags to toggle the change and that sets the default to warn-but-continue.
Created attachment 53419: patch to warn but not abort
Created attachment 53420: patch to glibc-2.3.4.20041102
angry users should shut up and complain to people who write buggy apps ;)
why is this any more true for heap overflows than stack overflows? we don't push ssp by default.
I didn't say adding the patch was a bad idea ;) perhaps we make the malloc() warning more verbose in the default-no-abort state?
I think it'd make sense to ask people to report a bug personally, give the bugs.gentoo.org url.
Leave the default the way it is, and make the abort message in English that a user who doesn't code can understand.
I have to agree with Spyderous. Users are more likely to submit a bug if it aborts. Otherwise they're likely to ignore it ("didn't crash so it's not broken" syndrome). On a related note, I noticed that when glibc is built with USE=debug, it'll print the message and abort, but otherwise it does nothing. Talking to several devs on irc, the behavior didn't used to be dependent on USE=debug. Is this not the case anymore or should I file a bug?
the way I see it, if we change the error to be more verbose then _someone_ will tell us about it/ask in #gentoo and be asked to report it. if we make it abort, _everyone_ will tell us, and very loudly. I just think this is a silly thing to push by default. As I keep asking, why is this different from SSP, which we don't force by default.
You have a point, Rob. But instead of switching this to be non-default, let's switch SSP to be default instead.
seems to be working OK as is