From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=4JSZ=CX=redhat.com=josimmon@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by sourceware.org (Postfix) with ESMTPS id 558053857033
	for <libc-alpha@sourceware.org>; Wed,  5 Jul 2023 17:19:47 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 558053857033
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1688577586;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8L1T1p0ivQOcflwo+6JcpTYZReDp2Dzgr25Ak6LCfn0=;
	b=fsH2gy62OsqWFWy3Jyl1fc+QkOjIXF//a4R0lC0Y2gAWF/YgFBiQRdUGfN1tsMjbKD/Bro
	i5BfxWyrhq7kN7i0nkYxhc24PQ3PMmFvWVdmOcqRzm89nkZ189BpF4h7PbmyaTVVcUOkWX
	rIrPsxEJ1gohuN0NjeMVtA0LadFkH98=
Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com
 [209.85.219.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-421-ohvarkbOPNefQmwYJeMZOA-1; Wed, 05 Jul 2023 13:19:45 -0400
X-MC-Unique: ohvarkbOPNefQmwYJeMZOA-1
Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-62fe5abe808so7413206d6.1
        for <libc-alpha@sourceware.org>; Wed, 05 Jul 2023 10:19:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1688577585; x=1691169585;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=8L1T1p0ivQOcflwo+6JcpTYZReDp2Dzgr25Ak6LCfn0=;
        b=gxX1U477biyRIHoqM+zWgLbuLUXgsMuxZ/pBkfqoUi4YCiOYfUMg1EWQGShiY6tYuX
         NNKljDfSZoUnHyfr57lCeE8iw1+4WOLyoOGy/qOI5im79mjasuCOoxYHhd+4Kej4KtYV
         3i7frxVH5HDQSTtgbgXKg+G+dEGHmjfIwP6XxUNFwkLgiAa2pgpXCm+bObFAR+MiQlxa
         6HcWpzfe4gfBZHhtl+eivExWR1A0a2Qe7C8mmptOsTrwv4Kztwvo+YiGW/Wb2ZYL6ZGj
         yhsV1wEQqcNcuwcqOPu4QMTNZaTKUf16VU7qYseRJkzkdlX6J9E8E9xbSaoUK2MZ8uWB
         vYhw==
X-Gm-Message-State: ABy/qLY/+2zvz0dGt+rur9FbHccaf6fU9ePnNkiLVRZq5AxjZQyfuJLQ
	qOZIPbzyK5hAKzCMMiWZMFBWNvEbit5Fh7WT4RKu/CZ3o1rmaCuCvSkA64YPnRedLNifMXhKdEu
	0cHWQzc9LkfwsIuLiQyy654TFmkEIl3hYPPjnxLDkAsJYVqvk4dMccZ45OhJ3TJ+jd0Vd8Hwhcu
	M7iIib
X-Received: by 2002:a05:6214:2b0b:b0:631:eca9:1964 with SMTP id jx11-20020a0562142b0b00b00631eca91964mr3163664qvb.24.1688577585003;
        Wed, 05 Jul 2023 10:19:45 -0700 (PDT)
X-Google-Smtp-Source: APBJJlFs4GKInI+Y53w3pdfl+6P80sMFl15AK9iRFRV8FOlsMk7bfVNP+C3u5AgffLdy0ZimCI0Apw==
X-Received: by 2002:a05:6214:2b0b:b0:631:eca9:1964 with SMTP id jx11-20020a0562142b0b00b00631eca91964mr3163647qvb.24.1688577584616;
        Wed, 05 Jul 2023 10:19:44 -0700 (PDT)
Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238])
        by smtp.gmail.com with ESMTPSA id cy11-20020a05621418cb00b0062febc332f0sm13816976qvb.130.2023.07.05.10.19.43
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 05 Jul 2023 10:19:44 -0700 (PDT)
From: Joe Simmons-Talbott <josimmon@redhat.com>
To: libc-alpha@sourceware.org
Cc: Joe Simmons-Talbott <josimmon@redhat.com>
Subject: [PATCH] printf_fp: Get rid of alloca.
Date: Wed,  5 Jul 2023 13:19:38 -0400
Message-Id: <20230705171938.1465837-1-josimmon@redhat.com>
X-Mailer: git-send-email 2.40.1
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

Replace unbounded alloca calls with scratch_buffers to avoid potential
stack overflow.
---
 stdio-common/printf_fp.c | 59 ++++++++++++++++++++++++++++------------
 1 file changed, 41 insertions(+), 18 deletions(-)

diff --git a/stdio-common/printf_fp.c b/stdio-common/printf_fp.c
index 6f22985ba1..9d6925a624 100644
--- a/stdio-common/printf_fp.c
+++ b/stdio-common/printf_fp.c
@@ -28,6 +28,7 @@
 #include <gmp-mparam.h>
 #include <gmp.h>
 #include <ieee754.h>
+#include <scratch_buffer.h>
 #include <stdlib/gmp-impl.h>
 #include <stdlib/longlong.h>
 #include <stdlib/fpioconst.h>
@@ -181,8 +182,15 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
 
   /* Buffer in which we produce the output.  */
   char *wbuffer = NULL;
-  /* Flag whether wbuffer and buffer are malloc'ed or not.  */
-  int buffer_malloced = 0;
+
+  struct scratch_buffer sbuf_frac;
+  scratch_buffer_init (&sbuf_frac);
+  struct scratch_buffer sbuf_tmp;
+  scratch_buffer_init (&sbuf_tmp);
+  struct scratch_buffer sbuf_scale;
+  scratch_buffer_init (&sbuf_scale);
+  struct scratch_buffer sbuf_wbuffer;
+  scratch_buffer_init (&sbuf_wbuffer);
 
   p.expsign = 0;
 
@@ -268,9 +276,27 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
 			     + (GREATER_MANT_DIG / BITS_PER_MP_LIMB > 2
 				? 8 : 4))
 			    * sizeof (mp_limb_t);
-    p.frac = (mp_limb_t *) alloca (bignum_size);
-    p.tmp = (mp_limb_t *) alloca (bignum_size);
-    p.scale = (mp_limb_t *) alloca (bignum_size);
+    
+    if (!scratch_buffer_set_array_size (&sbuf_frac, 1, bignum_size))
+      {
+        __printf_buffer_mark_failed (buf);
+        goto free_mem_out;
+      }
+    p.frac = sbuf_frac.data;
+
+    if (!scratch_buffer_set_array_size (&sbuf_tmp, 1, bignum_size))
+      {
+        __printf_buffer_mark_failed (buf);
+        goto free_mem_out;
+      }
+    p.tmp = sbuf_tmp.data;
+
+    if (!scratch_buffer_set_array_size (&sbuf_scale, 1, bignum_size))
+      {
+        __printf_buffer_mark_failed (buf);
+        goto free_mem_out;
+      }
+    p.scale = sbuf_scale.data;
   }
 
   /* We now have to distinguish between numbers with positive and negative
@@ -744,19 +770,13 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
 	return;
       }
     size_t wbuffer_to_alloc = 2 + chars_needed;
-    buffer_malloced = ! __libc_use_alloca (wbuffer_to_alloc);
-    if (__builtin_expect (buffer_malloced, 0))
+    if (!scratch_buffer_set_array_size (&sbuf_wbuffer, 1, wbuffer_to_alloc))
       {
-	wbuffer = malloc (wbuffer_to_alloc);
-	if (wbuffer == NULL)
-	  {
-	    /* Signal an error to the caller.  */
-	    __printf_buffer_mark_failed (buf);
-	    return;
-	  }
+	/* Signal an error to the caller.  */
+	__printf_buffer_mark_failed (buf);
+	goto free_mem_out;
       }
-    else
-      wbuffer = alloca (wbuffer_to_alloc);
+    wbuffer = sbuf_wbuffer.data;
     wcp = wstartp = wbuffer + 2;	/* Let room for rounding.  */
 
     /* Do the real work: put digits in allocated buffer.  */
@@ -1025,8 +1045,11 @@ __printf_fp_buffer_1 (struct __printf_buffer *buf, locale_t loc,
       __printf_buffer_pad (buf, info->pad, width);
   }
 
-  if (buffer_malloced)
-    free (wbuffer);
+free_mem_out:
+  scratch_buffer_free (&sbuf_frac);
+  scratch_buffer_free (&sbuf_tmp);
+  scratch_buffer_free (&sbuf_scale);
+  scratch_buffer_free (&sbuf_wbuffer);
 }
 
 /* ASCII to localization translation.  Multibyte version.  */
-- 
2.39.2