diff mbox series

getaddrinfo: Get rid of alloca

Message ID 20230620214031.1241057-1-josimmon@redhat.com
State Superseded
Headers
Series getaddrinfo: Get rid of alloca |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Testing passed

Commit Message

Joe Simmons-Talbott June 20, 2023, 9:40 p.m. UTC 
  Use a scratch_buffer rather than alloca to avoid potential stack
overflow.
---
 sysdeps/posix/getaddrinfo.c | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

Comments

Adhemerval Zanella Netto June 30, 2023, 1:15 p.m. UTC | #1 
On 20/06/23 18:40, Joe Simmons-Talbott via Libc-alpha wrote:
> Use a scratch_buffer rather than alloca to avoid potential stack
> overflow.
> ---
>  sysdeps/posix/getaddrinfo.c | 22 ++++++++--------------
>  1 file changed, 8 insertions(+), 14 deletions(-)
> 
> diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
> index 0356b622be..442475d621 100644
> --- a/sysdeps/posix/getaddrinfo.c
> +++ b/sysdeps/posix/getaddrinfo.c
> @@ -2404,22 +2404,17 @@ getaddrinfo (const char *name, const char *service,
>        struct addrinfo *q;
>        struct addrinfo *last = NULL;
>        char *canonname = NULL;
> -      bool malloc_results;
>        size_t alloc_size = nresults * (sizeof (*results) + sizeof (size_t));
> +      struct scratch_buffer buf;
> +      scratch_buffer_init (&buf);
>  
> -      malloc_results
> -	= !__libc_use_alloca (alloc_size);
> -      if (malloc_results)
> +      if (!scratch_buffer_set_array_size (&buf, 1, alloc_size))

I think it would be better to use:

  if (!scratch_buffer_set_array_size (&buf, nresults, 
				      sizeof (*results) + sizeof (size_t)))
    [...]

To use the overflow checks done by scratch_buffer_set_array_size (
sizeof (*results) + sizeof (size_t) is always safe so I think there is no
need to add extra checks).

>  	{
> -	  results = malloc (alloc_size);
> -	  if (results == NULL)
> -	    {
> -	      __free_in6ai (in6ai);
> -	      return EAI_MEMORY;
> -	    }
> +	  __free_in6ai (in6ai);
> +	  return EAI_MEMORY;
>  	}
> -      else
> -	results = alloca (alloc_size);
> +      results = buf.data;
> +
>        order = (size_t *) (results + nresults);
>  
>        /* Now we definitely need the interface information.  */
> @@ -2590,8 +2585,7 @@ getaddrinfo (const char *name, const char *service,
>        /* Fill in the canonical name into the new first entry.  */
>        p->ai_canonname = canonname;
>  
> -      if (malloc_results)
> -	free (results);
> +      scratch_buffer_free (&buf);
>      }
>  
>    __free_in6ai (in6ai);
Joe Simmons-Talbott June 30, 2023, 2:42 p.m. UTC | #2 
On Fri, Jun 30, 2023 at 10:15:48AM -0300, Adhemerval Zanella Netto wrote:
> 
> 
> On 20/06/23 18:40, Joe Simmons-Talbott via Libc-alpha wrote:
> > Use a scratch_buffer rather than alloca to avoid potential stack
> > overflow.
> > ---
> >  sysdeps/posix/getaddrinfo.c | 22 ++++++++--------------
> >  1 file changed, 8 insertions(+), 14 deletions(-)
> > 
> > diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
> > index 0356b622be..442475d621 100644
> > --- a/sysdeps/posix/getaddrinfo.c
> > +++ b/sysdeps/posix/getaddrinfo.c
> > @@ -2404,22 +2404,17 @@ getaddrinfo (const char *name, const char *service,
> >        struct addrinfo *q;
> >        struct addrinfo *last = NULL;
> >        char *canonname = NULL;
> > -      bool malloc_results;
> >        size_t alloc_size = nresults * (sizeof (*results) + sizeof (size_t));
> > +      struct scratch_buffer buf;
> > +      scratch_buffer_init (&buf);
> >  
> > -      malloc_results
> > -	= !__libc_use_alloca (alloc_size);
> > -      if (malloc_results)
> > +      if (!scratch_buffer_set_array_size (&buf, 1, alloc_size))
> 
> I think it would be better to use:
> 
>   if (!scratch_buffer_set_array_size (&buf, nresults, 
> 				      sizeof (*results) + sizeof (size_t)))
>     [...]
> 
> To use the overflow checks done by scratch_buffer_set_array_size (
> sizeof (*results) + sizeof (size_t) is always safe so I think there is no
> need to add extra checks).

You are correct.  Thanks for catching that and for the review.  I've
pushed your suggestion as v2.

Thanks,
Joe
diff mbox series

Patch

diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index 0356b622be..442475d621 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -2404,22 +2404,17 @@  getaddrinfo (const char *name, const char *service,
       struct addrinfo *q;
       struct addrinfo *last = NULL;
       char *canonname = NULL;
-      bool malloc_results;
       size_t alloc_size = nresults * (sizeof (*results) + sizeof (size_t));
+      struct scratch_buffer buf;
+      scratch_buffer_init (&buf);
 
-      malloc_results
-	= !__libc_use_alloca (alloc_size);
-      if (malloc_results)
+      if (!scratch_buffer_set_array_size (&buf, 1, alloc_size))
 	{
-	  results = malloc (alloc_size);
-	  if (results == NULL)
-	    {
-	      __free_in6ai (in6ai);
-	      return EAI_MEMORY;
-	    }
+	  __free_in6ai (in6ai);
+	  return EAI_MEMORY;
 	}
-      else
-	results = alloca (alloc_size);
+      results = buf.data;
+
       order = (size_t *) (results + nresults);
 
       /* Now we definitely need the interface information.  */
@@ -2590,8 +2585,7 @@  getaddrinfo (const char *name, const char *service,
       /* Fill in the canonical name into the new first entry.  */
       p->ai_canonname = canonname;
 
-      if (malloc_results)
-	free (results);
+      scratch_buffer_free (&buf);
     }
 
   __free_in6ai (in6ai);