diff mbox series

libc_fatal: Add comment regarding alloca usage.

Message ID 20230620184154.3804141-1-josimmon@redhat.com
State Superseded
Headers
Series libc_fatal: Add comment regarding alloca usage. |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Testing passed

Commit Message

Joe Simmons-Talbott June 20, 2023, 6:41 p.m. UTC 
  Since __libc_message is only used in a few places and always with a
const char * format string and a small fixed-sized struct the usage of
alloca here is safe.  Add a comment explaining this for both alloca
usages.
---
 sysdeps/posix/libc_fatal.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Joe Simmons-Talbott July 5, 2023, 3:16 p.m. UTC | #1 
On Tue, Jun 20, 2023 at 02:41:54PM -0400, Joe Simmons-Talbott wrote:
> Since __libc_message is only used in a few places and always with a
> const char * format string and a small fixed-sized struct the usage of
> alloca here is safe.  Add a comment explaining this for both alloca
> usages.

Ping.

Thanks,
Joe
> ---
>  sysdeps/posix/libc_fatal.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
> index 70edcc10c1..caa01bcbf6 100644
> --- a/sysdeps/posix/libc_fatal.c
> +++ b/sysdeps/posix/libc_fatal.c
> @@ -100,6 +100,9 @@ __libc_message (const char *fmt, ...)
>  	  cp = next;
>  	}
>  
> +      /* alloca is safe here since the current usage of __libc_message uses
> +         relatively short const char * format strings and a small fixed size
> +         struct. */
>        struct str_list *newp = alloca (sizeof (struct str_list));
>        newp->str = str;
>        newp->len = len;
> @@ -110,6 +113,9 @@ __libc_message (const char *fmt, ...)
>  
>    if (nlist > 0)
>      {
> +      /* alloca is safe here since the current usage of __libc_message uses
> +         relatively short const char * format strings and a small fixed size
> +         struct. */
>        struct iovec *iov = alloca (nlist * sizeof (struct iovec));
>        ssize_t total = 0;
>  
> -- 
> 2.39.2
>
diff mbox series

Patch

diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
index 70edcc10c1..caa01bcbf6 100644
--- a/sysdeps/posix/libc_fatal.c
+++ b/sysdeps/posix/libc_fatal.c
@@ -100,6 +100,9 @@  __libc_message (const char *fmt, ...)
 	  cp = next;
 	}
 
+      /* alloca is safe here since the current usage of __libc_message uses
+         relatively short const char * format strings and a small fixed size
+         struct. */
       struct str_list *newp = alloca (sizeof (struct str_list));
       newp->str = str;
       newp->len = len;
@@ -110,6 +113,9 @@  __libc_message (const char *fmt, ...)
 
   if (nlist > 0)
     {
+      /* alloca is safe here since the current usage of __libc_message uses
+         relatively short const char * format strings and a small fixed size
+         struct. */
       struct iovec *iov = alloca (nlist * sizeof (struct iovec));
       ssize_t total = 0;