From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D1C963858D28 for ; Mon, 28 Aug 2023 18:29:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D1C963858D28 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1693247366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/1u0MBq0nGtPm4T5fbmsQdWIdRkN6j/Nc63r6xJg18U=; b=P8LbGC875tI2DBA3+jBGYRvxFSFe/6/LHomplF/nS2zdhEpPYTSc/TTQ8H4r9MWQsvEpoQ a73ItCYqHyb0FRmfFQCYnHlmhY9r7nO5f8SbhHDzS96troY08CFn1MNH9Tq1HitBsvdjK/ GqGeMWdHlguz9EAA8yaK6IqJ+T3dHss= Received: from mimecast-mx02.redhat.com (66.187.233.73 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-679-qxqeWLjUOFyfl_mMW0Orkw-1; Mon, 28 Aug 2023 14:29:23 -0400 X-MC-Unique: qxqeWLjUOFyfl_mMW0Orkw-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1E0163815EF1; Mon, 28 Aug 2023 18:29:23 +0000 (UTC) Received: from oak (unknown [10.22.33.147]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 02626401E54; Mon, 28 Aug 2023 18:29:22 +0000 (UTC) Date: Mon, 28 Aug 2023 14:29:21 -0400 From: Joe Simmons-Talbott To: Adhemerval Zanella Netto Cc: libc-alpha@sourceware.org Subject: Re: [PATCH] argp-help: Get rid of alloca. Message-ID: <20230828182921.GY3849957@oak> References: <20230712170206.3675587-1-josimmon@redhat.com> <210fb967-9e1e-a429-e612-728ac2d24f91@linaro.org> MIME-Version: 1.0 In-Reply-To: <210fb967-9e1e-a429-e612-728ac2d24f91@linaro.org> X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00,DKIM_INVALID,DKIM_SIGNED,GIT_PATCH_0,KAM_DMARC_NONE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Mon, Aug 28, 2023 at 01:52:30PM -0300, Adhemerval Zanella Netto wrote: > > > On 12/07/23 14:02, Joe Simmons-Talbott via Libc-alpha wrote: > > Replace alloca with a scratch_buffer to avoid potential stack overflow. > > > > Checked on x86_64-linux-gnu > > --- > > argp/argp-help.c | 26 +++++++++++++++++++++++--- > > 1 file changed, 23 insertions(+), 3 deletions(-) > > > > diff --git a/argp/argp-help.c b/argp/argp-help.c > > index d019ed58d2..a5982334f6 100644 > > --- a/argp/argp-help.c > > +++ b/argp/argp-help.c > > @@ -40,6 +40,7 @@ char *alloca (); > > # endif > > #endif > > > > +#include > > #include > > #include > > #include > > @@ -1450,8 +1451,17 @@ hol_usage (struct hol *hol, argp_fmtstream_t stream) > > { > > unsigned nentries; > > struct hol_entry *entry; > > - char *short_no_arg_opts = alloca (strlen (hol->short_options) + 1); > > - char *snao_end = short_no_arg_opts; > > + struct scratch_buffer buf; > > + scratch_buffer_init (&buf); > > + char *short_no_arg_opts; > > + char *snao_end; > > + > > + if (!scratch_buffer_set_array_size (&buf, 1, > > + strlen (hol->short_options) + 1)) > > + return; > > I am not sure how to properly handle memory allocation failures here, since the interface > does have a way to return failures. On other places that call malloc, such as make_hol, > it at least adds a assert. I think it should do the same here. Fixed in v2. > > > + short_no_arg_opts = buf.data; > > + snao_end = short_no_arg_opts; > > + > > > > /* First we put a list of short options without arguments. */ > > for (entry = hol->entries, nentries = hol->num_entries > > @@ -1478,6 +1488,8 @@ hol_usage (struct hol *hol, argp_fmtstream_t stream) > > ; entry++, nentries--) > > hol_entry_long_iterate (entry, usage_long_opt, > > entry->argp->argp_domain, stream); > > + > > + scratch_buffer_free (&buf); > > } > > } > > > > @@ -1698,7 +1710,13 @@ _help (const struct argp *argp, const struct argp_state *state, FILE *stream, > > { > > int first_pattern = 1, more_patterns; > > size_t num_pattern_levels = argp_args_levels (argp); > > - char *pattern_levels = alloca (num_pattern_levels); > > + struct scratch_buffer buf; > > + scratch_buffer_init (&buf); > > + char *pattern_levels; > > + > > + if (!scratch_buffer_set_array_size (&buf, 1, num_pattern_levels)) > > + return; > > + pattern_levels = buf.data; > > > > memset (pattern_levels, 0, num_pattern_levels); > > > > Same as before. > Fixed in v2. > > @@ -1746,6 +1764,8 @@ _help (const struct argp *argp, const struct argp_state *state, FILE *stream, > > first_pattern = 0; > > } > > while (more_patterns); > > + > > + scratch_buffer_free (&buf); > > } > > > > if (flags & ARGP_HELP_PRE_DOC) >