You say that, but then, there are examples of terrible security bugs resulting from broken attempts at handling malloc failures, too.
The right answer is, I think:
* Don't add checking code at individual malloc call-sites.
* If you have an allocation regime where you need to do something better than abort in response to failure, don't use malloc directly for those allocations.
* Run your program with malloc rigged to blow up if it fails.
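An added example in C (not the commenter's code; the wrapper names and the arena type are assumptions) of the three points: one aborting wrapper so call sites carry no checks, an overflow-checked array allocation, and a separate arena for the one regime where the caller genuinely has a fallback.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not from the post): xmalloc/xcalloc and the arena type
   are assumed names. A failing malloc() aborts in ONE place, so the
   individual call sites carry no checking code at all. */
void *xmalloc(size_t n) {
    void *p = malloc(n ? n : 1);         /* malloc(0) may legally return NULL */
    if (p == NULL) {
        fprintf(stderr, "fatal: out of memory requesting %zu bytes\n", n);
        abort();
    }
    return p;
}

/* count*size wraparound lets malloc "succeed" with a too-small buffer;
   the check lives in its own function so it can be tested directly. */
int size_mul_overflows(size_t count, size_t size) {
    return size != 0 && count > SIZE_MAX / size;
}

void *xcalloc(size_t count, size_t size) {
    if (size_mul_overflows(count, size)) {
        fprintf(stderr, "fatal: %zu * %zu overflows size_t\n", count, size);
        abort();
    }
    void *p = calloc(count ? count : 1, size ? size : 1);
    if (p == NULL) abort();
    return p;
}

/* The "allocation regime" case: a bump arena sized up front via xmalloc.
   Only here is exhaustion reported to the caller instead of aborting,
   because this caller has a sensible fallback (e.g. reject the request). */
typedef struct { unsigned char *base; size_t cap, used; } arena;

void arena_init(arena *a, size_t cap) {
    a->base = xmalloc(cap);
    a->cap = cap;
    a->used = 0;
}

void *arena_alloc(arena *a, size_t n) {
    size_t rounded = (n + 15) & ~(size_t)15;       /* 16-byte alignment */
    if (rounded < n || rounded > a->cap - a->used)
        return NULL;                               /* wrapped or exhausted */
    void *p = a->base + a->used;
    a->used += rounded;
    return p;
}
```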