From: Joe Simmons-Talbott <josimmon@redhat.com>
To: libc-alpha@sourceware.org
Cc: Joe Simmons-Talbott <josimmon@redhat.com>
Subject: [PATCH] printf_fp: Get rid of alloca.
Date: Wed, 5 Jul 2023 13:19:38 -0400 [thread overview]
Message-ID: <20230705171938.1465837-1-josimmon@redhat.com> (raw)
Replace unbounded alloca calls with scratch_buffers to avoid potential
stack overflow.
---
stdio-common/printf_fp.c | 59 ++++++++++++++++++++++++++++------------
1 file changed, 41 insertions(+), 18 deletions(-)
diff --git a/stdio-common/printf_fp.c b/stdio-common/printf_fp.c
index 6f22985ba1..9d6925a624 100644
--- a/stdio-common/printf_fp.c
+++ b/stdio-common/printf_fp.c
@@ -28,6 +28,7 @@
#include <gmp-mparam.h>
#include <gmp.h>
#include <ieee754.h>
+#include <scratch_buffer.h>
#include <stdlib/gmp-impl.h>
#include <stdlib/longlong.h>
#include <stdlib/fpioconst.h>
@@ -181,8 +182,15 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
/* Buffer in which we produce the output. */
char *wbuffer = NULL;
- /* Flag whether wbuffer and buffer are malloc'ed or not. */
- int buffer_malloced = 0;
+
+ struct scratch_buffer sbuf_frac;
+ scratch_buffer_init (&sbuf_frac);
+ struct scratch_buffer sbuf_tmp;
+ scratch_buffer_init (&sbuf_tmp);
+ struct scratch_buffer sbuf_scale;
+ scratch_buffer_init (&sbuf_scale);
+ struct scratch_buffer sbuf_wbuffer;
+ scratch_buffer_init (&sbuf_wbuffer);
p.expsign = 0;
@@ -268,9 +276,27 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
+ (GREATER_MANT_DIG / BITS_PER_MP_LIMB > 2
? 8 : 4))
* sizeof (mp_limb_t);
- p.frac = (mp_limb_t *) alloca (bignum_size);
- p.tmp = (mp_limb_t *) alloca (bignum_size);
- p.scale = (mp_limb_t *) alloca (bignum_size);
+
+ if (!scratch_buffer_set_array_size (&sbuf_frac, 1, bignum_size))
+ {
+ __printf_buffer_mark_failed (buf);
+ goto free_mem_out;
+ }
+ p.frac = sbuf_frac.data;
+
+ if (!scratch_buffer_set_array_size (&sbuf_tmp, 1, bignum_size))
+ {
+ __printf_buffer_mark_failed (buf);
+ goto free_mem_out;
+ }
+ p.tmp = sbuf_tmp.data;
+
+ if (!scratch_buffer_set_array_size (&sbuf_scale, 1, bignum_size))
+ {
+ __printf_buffer_mark_failed (buf);
+ goto free_mem_out;
+ }
+ p.scale = sbuf_scale.data;
}
/* We now have to distinguish between numbers with positive and negative
@@ -744,19 +770,13 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
return;
}
size_t wbuffer_to_alloc = 2 + chars_needed;
- buffer_malloced = ! __libc_use_alloca (wbuffer_to_alloc);
- if (__builtin_expect (buffer_malloced, 0))
+ if (!scratch_buffer_set_array_size (&sbuf_wbuffer, 1, wbuffer_to_alloc))
{
- wbuffer = malloc (wbuffer_to_alloc);
- if (wbuffer == NULL)
- {
- /* Signal an error to the caller. */
- __printf_buffer_mark_failed (buf);
- return;
- }
+ /* Signal an error to the caller. */
+ __printf_buffer_mark_failed (buf);
+ goto free_mem_out;
}
- else
- wbuffer = alloca (wbuffer_to_alloc);
+ wbuffer = sbuf_wbuffer.data;
wcp = wstartp = wbuffer + 2; /* Let room for rounding. */
/* Do the real work: put digits in allocated buffer. */
@@ -1025,8 +1045,11 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
__printf_buffer_pad (buf, info->pad, width);
}
- if (buffer_malloced)
- free (wbuffer);
+free_mem_out:
+ scratch_buffer_free (&sbuf_frac);
+ scratch_buffer_free (&sbuf_tmp);
+ scratch_buffer_free (&sbuf_scale);
+ scratch_buffer_free (&sbuf_wbuffer);
}
/* ASCII to localization translation. Multibyte version. */
--
2.39.2
next reply other threads:[~2023-07-05 17:19 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-05 17:19 Joe Simmons-Talbott [this message]
2023-08-28 20:36 ` Joe Simmons-Talbott
2023-08-31 19:02 ` Adhemerval Zanella Netto
2023-09-01 12:20 ` Florian Weimer
2023-09-01 12:35 ` Adhemerval Zanella Netto
2023-09-06 16:55 ` Adhemerval Zanella Netto
2023-09-06 20:28 ` Joe Simmons-Talbott
2023-09-11 12:00 ` Adhemerval Zanella Netto
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230705171938.1465837-1-josimmon@redhat.com \
--to=josimmon@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).