This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH][BZ #15670] Replace alloca in __tzfile_read by malloc.


On Mon, Oct 14, 2013 at 02:03:57PM +0000, Joseph S. Myers wrote:
> On Mon, 14 Oct 2013, Ondrej Bilka wrote:
> 
> > This is one of bugs that take longer to read than to fix. There is a
> > unbound alloca and obvious limit is PATH_MAX.
> 
> 
> This also doesn't deal with the point in the bug that strlen (either 
> strlen) could overflow the "unsigned int" variables.
> 
> You need to change both variables to size_t and check __libc_use_alloca to 
> determine whether to use alloca or malloc.
> 

And what is alloca doing there anyway? This code is in no way
performance critical so malloc should suffice.

	* time/tzfile.c (__tzfile_read): Replace alloca with malloc.

diff --git a/time/tzfile.c b/time/tzfile.c
index 9dd5130..6ca6b5d 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -114,6 +114,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   int was_using_tzfile = __use_tzfile;
   int trans_width = 4;
   size_t tzspec_len;
+  char *new = NULL, *tmp;
 
   if (sizeof (time_t) != 4 && sizeof (time_t) != 8)
     abort ();
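Review bot: Only `new` needs function scope for the added `free (new)` calls; in the hunks shown, `tmp` is used only inside the `if (*file != '/')` block, so it can stay declared there as `char *tmp;`. A short comment on the hoisted declaration, e.g. `/* Heap copy of the TZDIR-relative path; NULL when FILE is absolute.  */`, would explain why it starts out NULL. The rest of `__tzfile_read` lies outside this hunk, so other uses of `tmp` cannot be ruled out from here.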
@@ -145,8 +146,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   if (*file != '/')
     {
       const char *tzdir;
-      unsigned int len, tzdir_len;
-      char *new, *tmp;
+      size_t len, tzdir_len;
 
       tzdir = getenv ("TZDIR");
       if (tzdir == NULL || *tzdir == '\0')
@@ -157,7 +157,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
       else
 	tzdir_len = strlen (tzdir);
       len = strlen (file) + 1;
-      new = (char *) __alloca (tzdir_len + 1 + len);
+      new = (char *) malloc (tzdir_len + 1 + len);
       tmp = __mempcpy (new, tzdir, tzdir_len);
       *tmp++ = '/';
       memcpy (tmp, file, len);
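Review bot: The result of `malloc (tzdir_len + 1 + len)` is passed straight to `__mempcpy` with no NULL check, so an allocation failure becomes a write through a null pointer. Both lengths come from `strlen` of `TZDIR` (read with `getenv` a few lines up) and of `file`, so the requested size is driven by the environment and the caller. Add `if (new == NULL) goto ret_free_transitions;` directly after the allocation. That label, visible in the last hunk, already does `free (new)` and resets `transitions`, but whether it is the right failure path from this point should be confirmed against the part of `__tzfile_read` outside the hunk.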
@@ -173,6 +173,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
     {
       /* Nothing to do.  */
       __use_tzfile = 1;
+      free (new);
       return;
     }
 
@@ -528,11 +529,13 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   __timezone = -rule_stdoff;
 
   __use_tzfile = 1;
+  free (new);
   return;
 
  lose:
   fclose (f);
  ret_free_transitions:
+  free (new);
   free ((void *) transitions);
   transitions = NULL;
 }
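Review bot: `free (new)` now has to be repeated on every exit, so any `return` or `goto` in the parts of `__tzfile_read` not shown would leak the buffer. It appears here on the success return and under `ret_free_transitions`, and in the early `/* Nothing to do.  */` return of the previous hunk. If the path is needed only to open the file (the open call is outside the hunks shown), a single `free (new);` right after that call would replace all three copies.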

