This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][BZ #15670] Replace alloca in __tzfile_read by malloc.
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: "Joseph S. Myers" <joseph at codesourcery dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 14 Oct 2013 16:49:52 +0200
- Subject: Re: [PATCH][BZ #15670] Replace alloca in __tzfile_read by malloc.
- Authentication-results: sourceware.org; auth=none
- References: <20131014131522 dot GA23174 at domone dot podge> <Pine dot LNX dot 4 dot 64 dot 1310141359220 dot 11037 at digraph dot polyomino dot org dot uk>
On Mon, Oct 14, 2013 at 02:03:57PM +0000, Joseph S. Myers wrote:
> On Mon, 14 Oct 2013, Ondrej Bilka wrote:
>
> > This is one of bugs that take longer to read than to fix. There is a
> > unbound alloca and obvious limit is PATH_MAX.
>
>
> This also doesn't deal with the point in the bug that strlen (either
> strlen) could overflow the "unsigned int" variables.
>
> You need to change both variables to size_t and check __libc_use_alloca to
> determine whether to use alloca or malloc.
>
And what is alloca doing there anyway? This code is in no way
performance critical so malloc should suffice.
* time/tzfile.c (__tzfile_read): Replace alloca with malloc.
diff --git a/time/tzfile.c b/time/tzfile.c
index 9dd5130..6ca6b5d 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -114,6 +114,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
int was_using_tzfile = __use_tzfile;
int trans_width = 4;
size_t tzspec_len;
+ char *new = NULL, *tmp;
if (sizeof (time_t) != 4 && sizeof (time_t) != 8)
abort ();
@@ -145,8 +146,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
if (*file != '/')
{
const char *tzdir;
- unsigned int len, tzdir_len;
- char *new, *tmp;
+ size_t len, tzdir_len;
tzdir = getenv ("TZDIR");
if (tzdir == NULL || *tzdir == '\0')
@@ -157,7 +157,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
else
tzdir_len = strlen (tzdir);
len = strlen (file) + 1;
- new = (char *) __alloca (tzdir_len + 1 + len);
+ new = (char *) malloc (tzdir_len + 1 + len);
tmp = __mempcpy (new, tzdir, tzdir_len);
*tmp++ = '/';
memcpy (tmp, file, len);
@@ -173,6 +173,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
{
/* Nothing to do. */
__use_tzfile = 1;
+ free (new);
return;
}
@@ -528,11 +529,13 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
__timezone = -rule_stdoff;
__use_tzfile = 1;
+ free (new);
return;
lose:
fclose (f);
ret_free_transitions:
+ free (new);
free ((void *) transitions);
transitions = NULL;
}