This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][BZ #15670] Replace alloca in __tzfile_read by malloc.


On Mon, Oct 14, 2013 at 01:53:19PM -0400, Mike Frysinger wrote:
> On Monday 14 October 2013 10:49:52 OndÅej BÃlka wrote:
> > On Mon, Oct 14, 2013 at 02:03:57PM +0000, Joseph S. Myers wrote:
> > > On Mon, 14 Oct 2013, Ondrej Bilka wrote:
> > > > This is one of bugs that take longer to read than to fix. There is a
> > > > unbound alloca and obvious limit is PATH_MAX.
> > > 
> > > This also doesn't deal with the point in the bug that strlen (either
> > > strlen) could overflow the "unsigned int" variables.
> > > 
> > > You need to change both variables to size_t and check __libc_use_alloca
> > > to determine whether to use alloca or malloc.
> > 
> > And what is alloca doing there anyway? This code is in no way
> > performance critical so malloc should suffice.
> > ...
> > @@ -157,7 +157,7 @@ __tzfile_read (const char *file, size_t extra, char
> > **extrap) else
> >  	tzdir_len = strlen (tzdir);
> >        len = strlen (file) + 1;
> > -      new = (char *) __alloca (tzdir_len + 1 + len);
> > +      new = (char *) malloc (tzdir_len + 1 + len);
> 
> and what do you do when (tzdir_len+1+len) overflows ?

It can't unless tzdir and file overlap in storage. In general it's a
useful fact that, unless objects overlap, the sum of their sizes never
overflows. (Here there's a +1 too, but since you have at least 1 byte
of other data or code in the process's address space, you can treat
that as the size of another non-overlapping object.)

Rich


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]