From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=xn+C=D3=redhat.com=josimmon@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by sourceware.org (Postfix) with ESMTPS id 5E44F3887F7C
	for <libc-alpha@sourceware.org>; Thu, 10 Aug 2023 13:34:30 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5E44F3887F7C
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1691674470;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=PQCqPNahp6C1ueFiUOR8HQZ1gZGLqY1Xeifv55zvkFM=;
	b=Dap8u2+u7Sbb9xOtrY60SOdbObprDzBQlHJzqkv4PgNc5A/8M2VzPg+Ymy3bhKhckc5qIO
	rJnUmvGnLucQGou90n0AoAPlmBwTeytGcjgFpNs4eIFKbZxQw1yqdVH0hQwfBRVJnZwk1M
	1LPb8X+wlCY9Hki2IShHx7jl1blZMrA=
Received: from mimecast-mx02.redhat.com (66.187.233.73 [66.187.233.73]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-468-ovSJno53OaShSlsg4Kxaag-1; Thu, 10 Aug 2023 09:34:26 -0400
X-MC-Unique: ovSJno53OaShSlsg4Kxaag-1
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2450D29ABA26;
	Thu, 10 Aug 2023 13:34:21 +0000 (UTC)
Received: from oak (unknown [10.22.33.199])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 048C7492C13;
	Thu, 10 Aug 2023 13:34:20 +0000 (UTC)
Date: Thu, 10 Aug 2023 09:34:19 -0400
From: Joe Simmons-Talbott <josimmon@redhat.com>
To: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH] fxprintf: Get rid of alloca
Message-ID: <20230810133344.GH3849957@oak>
References: <20230707175349.2096131-1-josimmon@redhat.com>
 <e7636e36-9bf3-5e90-ee0b-cf770954e9c1@linaro.org>
MIME-Version: 1.0
In-Reply-To: <e7636e36-9bf3-5e90-ee0b-cf770954e9c1@linaro.org>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-12.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,KAM_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

On Wed, Jul 19, 2023 at 03:12:43PM -0300, Adhemerval Zanella Netto wrote:
> 
> 
> On 07/07/23 14:53, Joe Simmons-Talbott via Libc-alpha wrote:
> > Use a scratch_buffer rather than alloca/malloc to avoid potential stack
> > overflow.
> 
> LGTM, thanks.
> 
> Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

Should I apply this despite the seemingly unrelated test timeout[1] in
CI?

[1]
https://patchwork.sourceware.org/project/glibc/patch/20230707175349.2096131-1-josimmon@redhat.com/

Thanks,
Joe
> 
> > ---
> >  stdio-common/fxprintf.c | 14 ++++++--------
> >  1 file changed, 6 insertions(+), 8 deletions(-)
> > 
> > diff --git a/stdio-common/fxprintf.c b/stdio-common/fxprintf.c
> > index f0ac9654ab..88501ab61f 100644
> > --- a/stdio-common/fxprintf.c
> > +++ b/stdio-common/fxprintf.c
> > @@ -15,6 +15,7 @@
> >     License along with the GNU C Library; if not, see
> >     <https://www.gnu.org/licenses/>.  */
> >  
> > +#include <scratch_buffer.h>
> >  #include <stdarg.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> > @@ -34,20 +35,18 @@ locked_vfxprintf (FILE *fp, const char *fmt, va_list ap,
> >    wchar_t *wfmt;
> >    mbstate_t mbstate;
> >    int res;
> > -  int used_malloc = 0;
> >    size_t len = strlen (fmt) + 1;
> > +  struct scratch_buffer buf;
> > +  scratch_buffer_init (&buf);
> >  
> >    if (__glibc_unlikely (len > SIZE_MAX / sizeof (wchar_t)))
> >      {
> >        __set_errno (EOVERFLOW);
> >        return -1;
> >      }
> 
> This check is redundant, but scratch_buffer_set_array_size would return
> ENOMEM in this case.  I guess it should not change this for now.
> 
> > -  if (__libc_use_alloca (len * sizeof (wchar_t)))
> > -    wfmt = alloca (len * sizeof (wchar_t));
> > -  else if ((wfmt = malloc (len * sizeof (wchar_t))) == NULL)
> > +  if (!scratch_buffer_set_array_size (&buf, sizeof (wchar_t), len))
> >      return -1;
> > -  else
> > -    used_malloc = 1;
> > +  wfmt = buf.data;
> >  
> >    memset (&mbstate, 0, sizeof mbstate);
> >    res = __mbsrtowcs (wfmt, &fmt, len, &mbstate);
> > @@ -55,8 +54,7 @@ locked_vfxprintf (FILE *fp, const char *fmt, va_list ap,
> >    if (res != -1)
> >      res = __vfwprintf_internal (fp, wfmt, ap, mode_flags);
> >  
> > -  if (used_malloc)
> > -    free (wfmt);
> > +  scratch_buffer_free (&buf);
> >  
> >    return res;
> >  }
>