From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa1-x2c.google.com (mail-oa1-x2c.google.com [IPv6:2001:4860:4864:20::2c]) by sourceware.org (Postfix) with ESMTPS id 195C73858C83 for ; Tue, 16 May 2023 19:29:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 195C73858C83 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-oa1-x2c.google.com with SMTP id 586e51a60fabf-199ba5154b3so6682220fac.1 for ; Tue, 16 May 2023 12:29:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1684265342; x=1686857342; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=kEER9VVWMYBBgWVZGsjrJ6lkNjE/R3Hy8+CdkgCEZSk=; b=idWB50vr6vx8Btdo8H4Q2jwy752tOBVE1Evudf/L9WZXKXycbTimd0jqHA0h3ZQiaI 45cEcIn+jujk/TkdmD8+sKuUDzG1aNH8HVJSc5H13Y+6R7ua5yfddRdejXx5U74kofR4 d31MOJNqse5HkWUw+GMgSL2eKY6ctVguUUwsWnk+fzNMW08C2nVirZBbKsortGtQaMAs NQQYiUHQcI28sjUbGvyPip3Eat/rd+NOSqBOEry0zClA1j6o+Jo0Q+kPE52mfD91XmU2 kgMEhjhoOLyAjhFSJ0zlybJ7/7G3fg+Uz5qT5hUt274dVRK4IW+uGAa46GIYY/65RdRn hkpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684265342; x=1686857342; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kEER9VVWMYBBgWVZGsjrJ6lkNjE/R3Hy8+CdkgCEZSk=; b=Xtzb28eHCVQzY6f0xf3E7AZF+qstumrh5IvLtaY3MFJvfdQEpzvBgG4frRZaFe0MWK 5j5Rb37IsgweT3Rhw2bOs+9ErXqB5dV2EHGz00jGs8PqRazTNArEGptVY2rice+mCgk7 3VL4d43EZvJkaY4e2NHQNwo+LRDin5MSCkLMGNFb3CPZzHsIzbX+wXSbsh5SJBdvlBOr cMdF+319Hd/Du9Jj+auPjLGzE+Z21bBWRRcp8FZ+uIh+SzGEkvVaojIWk+Dd+t1tV/O9 0TBLFXNzZOfsYbI3IGaQSpgl0foYnzjXUdcEAhfe3k1LyKFjDHmL+lx0pBjrjY7cez/D KVzw== X-Gm-Message-State: AC+VfDyzhxKmRg5kmQxG4QaOEj3HBtKTH1tDFaF5uvBB9mIHGmxfpVIJ J9VIF9r2FgRbHUdNwQHJja8ghg== X-Google-Smtp-Source: ACHHUZ5dVCyoqLdW51bZIcDFytszsZEEo1RPukxGwcHyNgQysiPiCa9zoRRSiJMdLeL5Qj/XbOWQZQ== X-Received: by 2002:aca:f054:0:b0:396:2147:2588 with SMTP id o81-20020acaf054000000b0039621472588mr3202943oih.2.1684265342179; Tue, 16 May 2023 12:29:02 -0700 (PDT) Received: from ?IPV6:2804:1b3:a7c0:c914:28b3:cbf9:a103:6f88? ([2804:1b3:a7c0:c914:28b3:cbf9:a103:6f88]) by smtp.gmail.com with ESMTPSA id j20-20020a4adf54000000b0054fba751207sm7883529oou.47.2023.05.16.12.29.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 16 May 2023 12:29:01 -0700 (PDT) Message-ID: Date: Tue, 16 May 2023 16:28:58 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH] time: strftime_l: Use malloc rather than an unbounded alloca. Content-Language: en-US To: Joe Simmons-Talbott , libc-alpha@sourceware.org References: <20230510195946.3728273-1-josimmon@redhat.com> From: Adhemerval Zanella Netto Organization: Linaro In-Reply-To: <20230510195946.3728273-1-josimmon@redhat.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-13.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 10/05/23 16:59, Joe Simmons-Talbott via Libc-alpha wrote: > Avoid possible stack overflow by replacing alloca() with malloc(). > --- > time/strftime_l.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/time/strftime_l.c b/time/strftime_l.c > index 402c6c4111..59d3e1a3b2 100644 > --- a/time/strftime_l.c > +++ b/time/strftime_l.c > @@ -273,8 +273,9 @@ static const CHAR_T zeroes[16] = /* "0000000000000000" */ > const char *__s = os; \ > memset (&__st, '\0', sizeof (__st)); \ > l = __mbsrtowcs_l (NULL, &__s, 0, &__st, loc); \ > - ws = alloca ((l + 1) * sizeof (wchar_t)); \ > - (void) __mbsrtowcs_l (ws, &__s, l, &__st, loc); \ > + ws = malloc ((l + 1) * sizeof (wchar_t)); \ > + if (ws != NULL) \ > + (void) __mbsrtowcs_l (ws, &__s, l, &__st, loc); \ > } > #endif > > @@ -1346,7 +1347,10 @@ __strftime_internal (CHAR_T *s, size_t maxsize, const CHAR_T *format, > wchar_t *wczone; > size_t len; > widen (zone, wczone, len); > + if (wczone == NULL) > + return 0; > cpy (len, wczone); > + free (wczone); > } > #else > cpy (strlen (zone), zone); Do we have a practical maximum size for the abbreviate timezone name? The internal tz_rule 'name' field is just a pointer, but I think all timezones uses a maximum name size.