[OTR-dev] Usage of assert
jvoisin
julien.voisin at dustri.org
Thu Feb 20 11:53:19 EST 2014
Hello,
it seems that libotr uses `assert` all around its code.
As said in the man page:
    If the macro NDEBUG was defined at the moment <assert.h> was last
    included, the macro assert() generates no code, and hence
    does nothing at all. Otherwise, the macro assert() prints an
    error message to standard error and terminates the program by
    calling abort(3) if expression is false (i.e., compares equal to
    zero).

    The purpose of this macro is to help the programmer find bugs
    in his program. The message "assertion failed in file foo.c,
    function do_bar(), line 1287" is of no help at all to a user.

Assert is not a means to check for things like failed malloc, it's to
find bugs. Also, its behavior depends on whether NDEBUG is defined, which
may be true, or not (Hello `-DNDEBUG`).
Even more worrying, the man page of abort says that abort raises SIGABRT,
that will kill the application, closing and flushing all open streams.
Unfortunately, libotr is a cryptographic library: some memory areas need
to be securely erased. This is not the case when an assert goes wrong.
Time to write some patches ;)
Cheers,
--
jvoisin
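
Added example, not part of the original message and not libotr code: the assert-on-malloc pattern the post describes beside an explicit check that returns an error and wipes the secret on every path. All names here (`key_alloc`, `secure_wipe`, `fold`, `derive_asserting`, `derive_checked`, the `KEY_*` codes) are hypothetical, and the XOR fold only stands in for real key handling.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

enum { KEY_OK = 0, KEY_ENOMEM = -1 };

/* Test hook (hypothetical): set to 1 to simulate malloc() failure. */
static int fail_alloc = 0;
static void *key_alloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* XOR fold stands in for real key derivation (constructed for the example). */
static unsigned char fold(const unsigned char *b, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc ^= b[i];
    return acc;
}

/* Pattern from the post: with -DNDEBUG the check vanishes and memcpy() gets
   NULL; without it, abort() ends the process and `secret` is never wiped. */
int derive_asserting(unsigned char *secret, size_t len, unsigned char *out) {
    unsigned char *tmp = key_alloc(len);
    assert(tmp != NULL);
    memcpy(tmp, secret, len);
    *out = fold(tmp, len);
    secure_wipe(tmp, len); free(tmp);
    secure_wipe(secret, len);
    return KEY_OK;
}

/* Explicit check: same behaviour in debug and release builds, and the
   secret is wiped on the failure path as well as the success path. */
int derive_checked(unsigned char *secret, size_t len, unsigned char *out) {
    int rc = KEY_ENOMEM;
    unsigned char *tmp = key_alloc(len);
    if (tmp != NULL) {
        memcpy(tmp, secret, len);
        *out = fold(tmp, len);
        secure_wipe(tmp, len); free(tmp);
        rc = KEY_OK;
    }
    secure_wipe(secret, len);
    return rc;
}
```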