On Mon, Apr 08, 2024 at 07:50:47PM +0200, Han-Wen Nienhuys wrote: > Op ma 8 apr 2024 07:44 schreef Patrick Steinhardt : > > > > It does raise the question what to do about the generic fallbacks. We > > could start calling `abort()` when we observe allocation failures. It's > > not exactly nice behaviour in a library though, where the caller may in > > fact want to handle this case. But it may at least be better than > > failing on a `NULL` pointer exception somewhere down the road. So it > > might be the best alternative for now. We could then conver the reftable > > library over time to handle allocation failures and, once that's done, > > we can eventually drop such a call to `abort()`. > > > I must admit that I didn't think this part through very much; I > believe someone told me that libgit2 has pluggable memory allocation > routines, so I tried to make the malloc pluggable here too. That was me probably back when I was writing the libgit2 backend. > Handling OOM better for the malloc calls themselves doesn't seem too > difficult, > > hanwen@fedora:~/vc/git/reftable$ grep [cme]alloc *c | wc > 57 276 3469 > > However, it is probably pointless as long as strbuf_* functions do not > signal OOM gracefully. There was some talk of libifying strbuf. Did > that work include returning OOM error codes in case malloc returns > null? A quick look at strbuf.h suggests not. Yeah, `strbuf` also crossed my mind. And there are some other systems that the reftable library calls into, like the tempfiles framework, that would continue to use `xmalloc()` and related functions. > I would just call xmalloc as default, rather than calling > reftable_set_alloc, because it might be tricky to ensure it is called > early enough. I don't think it should be particularly tricky to call `reftable_set_alloc()` early enough. The reftable code won't do any allocations before we set up the refdb. So calling this in our `main()` function in "common-main.c" should be sufficient. Patrick