Lighttpd

Hi, thx for bringing these problems to our attention. I'll answer here too for #2581, #2582 and #2583, because I can't see a logical reason to split them.

• lemon.c: this is just a parser generator; we don't care much about resource leaks or how to handle alloc failures (abort() or segfault.. whatever)
• get_http_version_name and get_http_method_name: if these return NULL there is something seriously wrong (most likely a memory corruption) - "ignoring" this is imho a very bad idea; i'd rather segfault (or `force_assert`).
• http_auth.c: mod_auth checks those two lookups are good at "configure" stage; if these break later there must be some serious problem; again I prefer a segfault or assert
• ignoring a `realloc` failure leaks memory!
• allocations should probably be checked with `force_assert`; if you can't allocate memory anymore it is very likely you get killed by the kernel soon anyway

I can't see anything serious in these reports; I probably should take a look at them again after I completed the work on my branch http://git.lighttpd.net/lighttpd/lighttpd-1.x.git/log/?h=lighttpd-1.4.x-stbuehler-api-cleanup

See recent comments in https://redmine.lighttpd.net/issues/2583

In the past few months, there have been numerous commits sprinkling more force_assert()s in the code.

Is this ticket a generic placeholder, or can this ticket be closed?

x-ref: https://redmine.lighttpd.net/boards/3/topics/6333 offers a large patch which adds lots of force_assert() for many/all memory allocations. That patch might be useful for debugging memory issues, but probably shouldn't be applied using force_assert(), which is always active at runtime. Maybe a debug_mem_assert() which could be enabled with a make macro/define?