This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Use malloca instead alloca
On Fri, Dec 28, 2012 at 06:38:23PM +0100, Ondřej Bílka wrote:
> /* malloca(N) is a safe variant of alloca(N). It allocates N bytes of
> memory allocated on the stack or heap for large requests.
> It must be freed using freea() before
> the function returns. Upon failure, it returns NULL. */
>
> #if 1
> #define malloca(n) ({\
> void *__r__ = NULL;\
> if (n < 4096 - 8)\
This comparison is performed without promoting n to size_t. Although
in most correct usages it should not matter, I think this should be
fixed; things like malloca(-1) should fail (or allocate 4gb-1
successfully) rather than succeeding and then causing memory
corruption. Note that n is also being evaluated more than once, so
just storing it in a variable of type size_t first would avoid this
issue too.
Rich
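The two points raised in the reply above, as an added example that is not code from the thread or from glibc: it models only the branch decision and the size that would reach the allocator, without allocating anything. `REQUEST_AS_POSTED`, `request_promoted`, `mk` and the other names are hypothetical, and the second use of `n` inside the macro is an assumption based on the reply's remark that `n` is evaluated more than once.

```c
#include <stddef.h>
#include <stdio.h>

#define STACK_LIMIT (4096 - 8)   /* threshold from the quoted macro */

enum path { PATH_STACK, PATH_HEAP };
struct request { enum path path; size_t bytes; };

static struct request mk(enum path p, size_t bytes)
{
    struct request r = { p, bytes };
    return r;
}

/* Model of the quoted macro's shape (no real allocation): n is compared in
   the caller's type, then used again where the size becomes a size_t. */
#define REQUEST_AS_POSTED(n) \
    (((n) < STACK_LIMIT) ? mk(PATH_STACK, (size_t)(n)) : mk(PATH_HEAP, (size_t)(n)))

/* Hypothetical fix along the lines suggested in the reply: the argument is
   evaluated once into a size_t, and only that copy is compared and used. */
static struct request request_promoted(size_t n)
{
    return n < (size_t)STACK_LIMIT ? mk(PATH_STACK, n) : mk(PATH_HEAP, n);
}

static int calls;                /* counts evaluations of the argument */
static int next_len(void) { calls++; return 16; }

static int evals_as_posted(void)
{
    calls = 0;
    (void)REQUEST_AS_POSTED(next_len());
    return calls;
}

static int evals_promoted(void)
{
    calls = 0;
    (void)request_promoted((size_t)next_len());
    return calls;
}

int main(void)
{
    int n = -1;                  /* constructed bad length */
    struct request a = REQUEST_AS_POSTED(n), b = request_promoted((size_t)n);
    printf("as posted: path=%d bytes=%zu\n", (int)a.path, a.bytes);
    printf("promoted:  path=%d bytes=%zu\n", (int)b.path, b.bytes);
    printf("evaluations: %d vs %d\n", evals_as_posted(), evals_promoted());
    return 0;
}
```

With `n = -1` the signed comparison selects the stack path while the size converts to the maximum `size_t` value; the promoted version sends the same input to the heap path, where the allocation can fail cleanly.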