elf: Remove alloca usage from chroot_canon.
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
Commit Message
Replace alloca with scratch_buffers to prevent potential stack overflow.
---
elf/chroot_canon.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
@@ -15,6 +15,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, see <https://www.gnu.org/licenses/>. */
+#include <scratch_buffer.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -49,6 +50,10 @@ chroot_canon (const char *chroot, const char *name)
const char *rpath_limit;
int num_links = 0;
size_t chroot_len = strlen (chroot);
+ struct scratch_buffer sbuf;
+ scratch_buffer_init (&sbuf);
+ struct scratch_buffer extra_sbuf;
+ scratch_buffer_init (&extra_sbuf);
if (chroot_len < 1)
{
@@ -123,7 +128,9 @@ chroot_canon (const char *chroot, const char *name)
if (S_ISLNK (st.st_mode))
{
- char *buf = alloca (PATH_MAX);
+ if (!scratch_buffer_set_array_size (&sbuf, 1, PATH_MAX))
+ goto error;
+ char *buf = sbuf.data;
size_t len;
if (++num_links > __eloop_threshold ())
@@ -142,7 +149,11 @@ chroot_canon (const char *chroot, const char *name)
buf[n] = '\0';
if (!extra_buf)
- extra_buf = alloca (PATH_MAX);
+ {
+ if (!scratch_buffer_set_array_size (&extra_sbuf, 1, PATH_MAX))
+ goto error;
+ extra_buf = extra_sbuf.data;
+ }
len = strlen (end);
if (len >= PATH_MAX - n)
@@ -168,10 +179,14 @@ chroot_canon (const char *chroot, const char *name)
if (dest > rpath_root + 1 && dest[-1] == '/')
--dest;
*dest = '\0';
+ scratch_buffer_free (&sbuf);
+ scratch_buffer_free (&extra_sbuf);
return rpath;
error:
free (rpath);
+ scratch_buffer_free (&sbuf);
+ scratch_buffer_free (&extra_sbuf);
return NULL;
}