Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't crash if more than 128 modes are available #105

Merged
merged 1 commit into from Jun 12, 2015
Merged

Don't crash if more than 128 modes are available #105

merged 1 commit into from Jun 12, 2015

Conversation

smcv
Copy link

@smcv smcv commented Jan 7, 2015

No description provided.

@ensiform
Copy link

ensiform commented Jan 8, 2015

I would suggest a more informative error message when out of memory. Simply saying out of memory is pretty basic and not helpful for users.

@timangus
Copy link
Member

timangus commented Jan 8, 2015

The chances of anyone ever seeing that message are extremely slim. Don't worry about it.

@smcv
Copy link
Author

smcv commented Jan 8, 2015

On normal Linux systems (and probably most other Unix flavours), malloc never actually returns NULL, because of overcommit behaviour. It can be configured to avoid overcommitting, but that's very unusual. Instead, the kernel optimistically provides some address space in the hope that, when it becomes necessary, it can back it with memory. Later, if it turns out the kernel needs more memory than is actually available, a heuristic (the OOM killer) tries to identify which process is misbehaving most badly and shoots it in the head (equivalent to kill -9).

In practice, OOM code paths are basically never tested, which usually means they don't work so making them more complicated than absolutely necessary is wasteful.

In any case, if we don't have enough memory for the number of video modes (if you get more than 128 in practice I'd be amazed) * the size of a SDL rectangle, then we've already lost; that isn't actually very much memory.

Comparing with the behaviour on equally low memory without this patch, even when we have < 128 modes: on entry to the function, we adjust the stack pointer to give us enough memory for 128 video modes, then try using it. If there isn't actually enough memory to back that array, the kernel can't satisfy our request to write to those pages, so it will either kill us with SIGSEGV, or invoke the OOM killer to find a suitable victim to shoot in the head so that we can continue. This is not actually any more graceful :-)

@smcv
Copy link
Author

smcv commented Mar 18, 2015

Any more thoughts on this?

I am currently applying this in Debian's ioquake3 package, because it seems wrong to ship code with a known stack buffer overflow, even one that is highly unlikely to appear in practice (> 128 modes).

If ioquake3 maintainers would prefer, I could change the patch so that instead of allocating short-term dynamic memory (which could in principle fail, although in practice if it ever does we're already doomed), it just ignores any modes beyond the 128th?

timangus added a commit that referenced this pull request Jun 12, 2015
@timangus
Merge pull request #105 from smcv/sdl-modes
77ad758 
Don't crash if more than 128 modes are available
@timangus timangus merged commit 77ad758 into ioquake:master Jun 12, 2015
@smcv smcv deleted the sdl-modes branch September 22, 2016 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@smcv @ensiform @timangus