public inbox for libc-alpha@sourceware.org
* [PATCH v4] argp-help: Get rid of alloca.
@ 2023-09-13 20:44 Joe Simmons-Talbott
From: Joe Simmons-Talbott @ 2023-09-13 20:44 UTC
  To: libc-alpha; +Cc: Joe Simmons-Talbott

Replace alloca with malloc to avoid potential stack overflow.

Checked on x86_64-linux-gnu
---
Changes to v3:
  * convert scratch_buffer to malloc.
Changes to v2:
  * Convert first scratch_buffer to malloc.
  * Remove alloca boilerplate.

 argp/argp-help.c | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/argp/argp-help.c b/argp/argp-help.c
index d019ed58d2..262729e976 100644
--- a/argp/argp-help.c
+++ b/argp/argp-help.c
@@ -25,21 +25,6 @@
 #include <config.h>
 #endif
 
-/* AIX requires this to be the first thing in the file.  */
-#ifndef __GNUC__
-# if HAVE_ALLOCA_H || defined _LIBC
-#  include <alloca.h>
-# else
-#  ifdef _AIX
-#pragma alloca
-#  else
-#   ifndef alloca /* predefined by HP cc +Olibcalls */
-char *alloca ();
-#   endif
-#  endif
-# endif
-#endif
-
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdlib.h>
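
Review bot: the commit message does not mention removing the alloca declaration block at the top of the file (the `#ifndef __GNUC__` ... `#endif` lines); it is recorded only as "Remove alloca boilerplate" in the v2 changelog under `---`, which is not kept on commit. The removal is only correct if no alloca call remains anywhere in argp-help.c, so please say in the commit message that the two call sites converted here were the last ones.
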
@@ -1450,8 +1435,14 @@ hol_usage (struct hol *hol, argp_fmtstream_t stream)
     {
       unsigned nentries;
       struct hol_entry *entry;
-      char *short_no_arg_opts = alloca (strlen (hol->short_options) + 1);
-      char *snao_end = short_no_arg_opts;
+      char *short_no_arg_opts;
+      char *snao_end;
+
+      short_no_arg_opts = malloc (strlen (hol->short_options) + 1);
+      assert (short_no_arg_opts != NULL);
+
+      snao_end = short_no_arg_opts;
+	
 
       /* First we put a list of short options without arguments.  */
       for (entry = hol->entries, nentries = hol->num_entries
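
Review bot: `assert (short_no_arg_opts != NULL);` is the only handling of a failed malloc in this block, so a build with NDEBUG drops the check and the code below that fills the buffer works on a null pointer, while a build without NDEBUG aborts the calling process on memory exhaustion. Add a real failure path that skips this part of the usage output when the allocation fails instead of asserting. Separately, the added line after `snao_end = short_no_arg_opts;` contains only a tab and is followed by a second blank line; drop the whitespace-only line.
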
@@ -1478,6 +1469,8 @@ hol_usage (struct hol *hol, argp_fmtstream_t stream)
 	   ; entry++, nentries--)
 	hol_entry_long_iterate (entry, usage_long_opt,
 				entry->argp->argp_domain, stream);
+
+      free (short_no_arg_opts);
     }
 }
 \f
@@ -1698,7 +1691,10 @@ _help (const struct argp *argp, const struct argp_state *state, FILE *stream,
     {
       int first_pattern = 1, more_patterns;
       size_t num_pattern_levels = argp_args_levels (argp);
-      char *pattern_levels = alloca (num_pattern_levels);
+      char *pattern_levels;
+
+      pattern_levels = malloc (num_pattern_levels);
+      assert (pattern_levels != NULL);
 
       memset (pattern_levels, 0, num_pattern_levels);
 
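
Review bot: `malloc (num_pattern_levels)` followed by `assert (pattern_levels != NULL);` mishandles a zero count: if argp_args_levels can return 0, the C standard allows malloc (0) to return NULL, and the assert then fires although nothing failed, a case the alloca version did not have. The assert also has the same resource-exhaustion problem as the one in hol_usage. Guard the zero case explicitly and handle allocation failure without assert; using calloc here would also absorb the `memset (pattern_levels, 0, num_pattern_levels);` that follows.
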
@@ -1746,6 +1742,8 @@ _help (const struct argp *argp, const struct argp_state *state, FILE *stream,
 	  first_pattern = 0;
 	}
       while (more_patterns);
+
+      free (pattern_levels);
     }
 
   if (flags & ARGP_HELP_PRE_DOC)
-- 
2.39.2



* Re: [PATCH v4] argp-help: Get rid of alloca.
@ 2023-09-14  6:57 ` Andreas Schwab
From: Andreas Schwab @ 2023-09-14  6:57 UTC
  To: Joe Simmons-Talbott; +Cc: libc-alpha

On Sep 13 2023, Joe Simmons-Talbott wrote:

> +      short_no_arg_opts = malloc (strlen (hol->short_options) + 1);
> +      assert (short_no_arg_opts != NULL);

A library should never use assert for resource exhaustion checks.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."


* Re: [PATCH v4] argp-help: Get rid of alloca.
@ 2023-09-14 11:36   ` Adhemerval Zanella Netto
From: Adhemerval Zanella Netto @ 2023-09-14 11:36 UTC
  To: Andreas Schwab, Joe Simmons-Talbott; +Cc: libc-alpha



On 14/09/23 03:57, Andreas Schwab wrote:
> On Sep 13 2023, Joe Simmons-Talbott wrote:
> 
>> +      short_no_arg_opts = malloc (strlen (hol->short_options) + 1);
>> +      assert (short_no_arg_opts != NULL);
> 
> A library should never use assert for resource exhaustion checks.
> 


There are pre-existent issues regarding this on the argp code, that's why
I suggested to follow the current practice.  But I agree that is just
bad code, so maybe we should fix it before changing the alloca to use
malloc (either directly or through scratch_buffers).

