This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Use malloca instead alloca


On Fri, Dec 28, 2012 at 06:38:23PM +0100, Ondřej Bílka wrote:
>   /* malloca(N) is a safe variant of alloca(N).  It allocates N bytes of
>      memory allocated on the stack or heap for large requests.
>      It must be freed using freea() before
>      the function returns.  Upon failure, it returns NULL.  */
> 
> #if 1
> #define malloca(n) ({\
>   void *__r__ = NULL;\
>   if (n < 4096 - 8)\

This comparison is performed without promoting n to size_t. Although
in most correct usages it should not matter, I think this should be
fixed; things like malloca(-1) should fail (or allocate 4gb-1
successfully) rather than succeeding and then causing memory
corruption. Note that n is also being evaluated more than once, so
just storing it in a variable of type size_t first would avoid this
issue too.

Rich
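
The two problems raised in this reply, as an added example that is not part of the thread or of the glibc patch. It models only the stack-or-heap decision and never calls alloca; `DECIDE_AS_QUOTED`, `decide_once`, `make` and `struct decision` are hypothetical names, and because the rest of the quoted macro is not shown, the step that passes `n` on to an allocator taking `size_t` is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

#define STACK_LIMIT (4096 - 8)   /* threshold from the quoted macro */

enum path { PATH_STACK, PATH_HEAP };
struct decision { enum path path; size_t request; };

static struct decision make(enum path p, size_t request)
{
    struct decision d = { p, request };
    return d;
}

/* Behaviour of the quoted test: the comparison runs in n's own type, and n
   is expanded twice (once in the test, once for the size).
   Assumption: the elided macro body hands n to an allocator as size_t. */
#define DECIDE_AS_QUOTED(n) \
    (((n) < STACK_LIMIT) ? make(PATH_STACK, (size_t)(n)) \
                         : make(PATH_HEAP, (size_t)(n)))

/* Suggested fix: the argument becomes a size_t exactly once (here, as a
   function parameter), and the test and the size both use that value. */
static struct decision decide_once(size_t n)
{
    return make(n < STACK_LIMIT ? PATH_STACK : PATH_HEAP, n);
}

int main(void)
{
    int neg = -1;
    struct decision q = DECIDE_AS_QUOTED(neg);
    struct decision h = decide_once((size_t)neg);
    printf("n = -1, quoted:   %s, request %zu\n",
           q.path == PATH_STACK ? "stack" : "heap", q.request);
    printf("n = -1, promoted: %s, request %zu\n",
           h.path == PATH_STACK ? "stack" : "heap", h.request);

    int len = 4087;               /* constructed value, one below the limit */
    q = DECIDE_AS_QUOTED(len++);  /* test sees 4087, size sees 4088 */
    printf("len++, quoted:    request %zu, len now %d\n", q.request, len);

    len = 4087;
    h = decide_once((size_t)(len++));  /* one evaluation: 4087 both times */
    printf("len++, promoted:  request %zu, len now %d\n", h.request, len);
    return 0;
}
```

With `n = -1` the unpromoted test selects the stack path with a request of `SIZE_MAX`, while the promoted version routes the same request to the heap path, where the allocator can fail and return NULL.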

