HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jra_samba

no profile record

comments

jra_samba
·4 ay önce·discuss
Look into talloc, used inside Samba (and other FLOSS projects like sssd). Exactly this.
jra_samba
·4 ay önce·discuss
Tests. All changes must have tests. If they're generating the code, they can generate the tests too.
jra_samba
·6 ay önce·discuss
Fantastic summary of the early days by tridge !
jra_samba
·2 yıl önce·discuss
The FSF doesn't even enforce the license for its own projects, let alone any random GPL project. Please don't give people false ideas.
jra_samba
·3 yıl önce·discuss
I am a personal friend of Chris, and was with him through most of his tenure at Google (we both got laid off at the same time). When Chris said no (and it was rare), it was usually because people were thinking of themselves over the good of the company (and usually around personal projects they wanted to own instead of Google).

You might disagree with it (and I'm sure you do), but Chris always thought of the company first. He was the personal embodiment of early Google culture and a fantastic manager.

I just wish they'd made him a VP of Open Source (a position IMHO Google sorely needs). He probably could have staved off some of the failures.
jra_samba
·3 yıl önce·discuss
I used to "share" an office with Hixie at Google. Hixie used to store his board game collection in the office we nominally "shared", but he himself very rarely visited. I liked that just fine (let's just say I'm not a fan of "open" shared office spaces). My fondest Google office memories were sharing an office with Hixie, and "Mr Big Printer" which the Google Open Source Team used to print posters. We made an office CD label for "Mr Big Printer".
jra_samba
·4 yıl önce·discuss
Not true. mmap is commonly used in malloc implementations. Look at this man page for jemalloc.

http://jemalloc.net/jemalloc.3.html

"Traditionally, allocators have used sbrk(2) to obtain memory, which is suboptimal for several reasons, including race conditions, increased fragmentation, and artificial limitations on maximum usable memory. If sbrk(2) is supported by the operating system, this allocator uses both mmap(2) and sbrk(2), in that order of preference; otherwise only mmap(2) is used."

Also, Google's tcmalloc uses mmap to get system memory:

https://github.com/google/tcmalloc/blob/master/docs/design.m...

"An allocation for k pages is satisfied by looking in the kth free list. If that free list is empty, we look in the next free list, and so forth. Eventually, we look in the last free list if necessary. If that fails, we fetch memory from the system mmap."

In fact I'd be surprised to see a modern malloc implementation that doesn't use mmap under the hood.
jra_samba
·4 yıl önce·discuss
No, it doesn't.

malloc(0) != malloc(0) because the internal malloc header is different for each allocation.

Asking for a malloc of size n, means internally the malloc library allocates n + h, where h is the internal malloc header size. So there is always an allocation being done for at least a size of h, just with an internal bookkeeping "size" field set to zero.

and yes, while(1) malloc(0); will eventually run out of memory, counter-intuitively :-).
jra_samba
·4 yıl önce·discuss
It's just a warmup. Tells me how the candidate thinks about such things. In production code of course the max size is limited to avoid DoS. My bug in Samba was missing the behavior of the zero case.
jra_samba
·4 yıl önce·discuss
Well yes. I'm looking for competent C coders. Competent C coders know how malloc works. It goes with the territory.
jra_samba
·4 yıl önce·discuss
Many protocols read values of a network to specify how much is left in the packet (it's how packet boundaries are usually encoded, specifically in SMB1/2/3). So yes, no matter how paranoid you are you're eventually going to have to pass that value to something in your code :-).
jra_samba
·4 yıl önce·discuss
See the replies below. Someone just submitted a really comprehensive answer !
jra_samba
·4 yıl önce·discuss
That's right ! Great answer.

malloc() is a very old API. A more modern version would probably looks like:

err_code malloc(size_t size, void **returned_ptr);

The current malloc() overloads the return to say NULL == no memory available/internal malloc fail for some reason and as far as the standard goes, allowing NULL return if size==0.

So if you get NULL back from malloc, did it really mean no memory/malloc fail, or zero size passed in ?

glibc and all implementations distinguish the two by allocating a internal malloc heap header, but with internal size bookkeeping size of zero, returning a pointer to the byte after the internal malloc heap header.

The only valid things you can do with the returned pointer is test it for != NULL, or pass it to realloc() or free(). You can never dereference it.

Returning a valid pointer to NO DATA is what all modern implementations do when a size==0 is requested.

In an interview situation, discussions around all these points are very productive, telling me how the candidate thinks about API design and how to fix a bad old one, whether they know anything about malloc internals (which is essential as overwriting internal malloc header info is a common security attack), and how they deal with errors returned from code.

Remember, it was only my warmup question :-). Things get really interesting after that :-) :-).
jra_samba
·4 yıl önce·discuss
I don't code to in C++ anymore. Did a long time ago. I'm looking for careful programmers around security and API design. This is nothing to do with performance tuning. It's to do with security.
jra_samba
·4 yıl önce·discuss
mmap, brk, sbrk are standard POSIX system calls.
jra_samba
·4 yıl önce·discuss
It uses the mmap, sbrk or brk system calls. All perfectly callable from C.
jra_samba
·4 yıl önce·discuss
Of course malloc is implemented in C. Look at the glibc source code.
jra_samba
·4 yıl önce·discuss
Yes. Write test code for glibc. You'll find it always returns one of the two. There is a reason for that.
jra_samba
·4 yıl önce·discuss
No, that's not true. If you know anything about C and writing secure code (which I what I was probing for) you know about using malloc(). You know because you have to know something about the internals of memory management.

Imagine you just read a 4 byte value off the network, and it's part of a protocol that specifies how many more bytes there are to read. You might (in error, ahem... :-) pass that value to malloc(). So knowing what might happen if an attacker puts an unexpected value in there is something you need to think about.

If you don't know or can't guess because you don't know how malloc() works, then you're not the person I'm looking for.
jra_samba
·4 yıl önce·discuss
Candidate answers to this also tell me if they understand anything about malloc implementations, which is a very useful skill to have as a C coder.