Joined: Jun 16, 2003 Posts: 10981 Location: California, USA
Posted: Sun Jun 29, 2008 5:33 pm Post subject: NeoOffice and OpenOffice.org 2.4.1 Security Fix
FYI. Ed and I reviewed this OpenOffice.org security bulletin this weekend and the good news is that none of the NeoOffice 2.x versions were ever affected by this security vulnerability.
For those that are curious, when we first upgraded the NeoOffice code to OpenOffice.org 2.0, we found that the OpenOffice.org custom memory allocation functions caused NeoOffice to crash. To fix this crashing, we turned off their custom functions and, instead, used the standard C malloc() and free() functions. Since malloc() and free() are Mac OS X functions and not custom OpenOffice.org code, NeoOffice is not affected by the security vulnerability.
I've never understood the desire of developers to write their own memory management functions instead of using the OS ones
It seems an extreme case of hubris to believe that a handful of people whose specialty is some other kind of software can create a better memory allocator than one that's well-used and (presumably) well-tested by developers of a core operating system (which requires those functions to be effective, bug-free, and performant)....
Smokey _________________ "[...] whether the duck drinks hot chocolate or coffee is irrelevant." -- ovvldc and sardisson in the NeoWiki
Joined: Jun 16, 2003 Posts: 10981 Location: California, USA
Posted: Sun Jun 29, 2008 9:13 pm Post subject:
sardisson wrote:
It seems an extreme case of hubris to believe that a handful of people whose specialty is some other kind of software can create a better memory allocator than one that's well-used and (presumably) well-tested by developers of a core operating system (which requires those functions to be effective, bug-free, and performant)....
I totally agree with you on this point. Reinventing the wheel may be interesting, but since in this case means reimplementing stable functions that, when they work, users never notice, this is all risk and no possible gain.
Maybe some would argue that there are performance improvements to be gained, but since I have not seen any hard performance statistics from OOo's engineers, I would find it hard to believe that there are 10% or 20% gains to be had over the operating system's implementation.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum
Forum FAQ
Search
Usergroups
Profile
Private Messages
Log in
