[dr_rezzy]

So you are saying that adhering to memory bounds and limits (and possibly SLAs) should be ignored in favor of having your software crash because its easier? Sure, I can see it as a possible strategy in some cases. But to go ahead and cite this as a rule is kind of short sighted and a disservice to people who put thought into their memory allocation strategies.

[tptacek]

No. I favor not kidding yourself.

Almost no software of any significant size has been written in the last 10 years that can honestly claim to gracefully and reliably handle out-of-memory conditions.

Programming regimes that ostensibly cover out-of-memory cases are usually delusive; they provide for some superficial handling of out-of-memory issues (which usually just devolves to exiting the program anyways), but do nothing to address the myriad instances of malloc calls happening behind their backs in libraries or temporary allocations.

Fuck that. These people are going through extra work which (a) provides no greater user experience and (b) actually harms their program by creating opportunities for missed checks that propagate NULL pointers (which, when offset against, are actually exploitable!) through the rest of their code.

Just have malloc terminate your program for you when it fails and be done with it. You seriously aren't going to get anything else right, and it's silly to waste your time trying anyways.

[kragen]

The exceptions, I think, require that you aren't using tons of buggy third-party libraries. In AAA games and in bare-metal programming, for example, exiting the program is not an option, so you don't use libraries that might do that.