This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH][BZ #16453] Don't use alloca in addgetnetgrentX
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 15 Jan 2014 15:01:03 +0100
- Subject: Re: [PATCH][BZ #16453] Don't use alloca in addgetnetgrentX
- Authentication-results: sourceware.org; auth=none
- References: <20140115113452 dot GJ1618 at spoyarek dot pnq dot redhat dot com>
On Wed, Jan 15, 2014 at 05:04:52PM +0530, Siddhesh Poyarekar wrote:
> Hi,
>
> addgetnetgrentX has a buffer which is grown as per the needs of the
> requested size either by using alloca or by falling back to malloc if
> the size is larger than 1K. There are two problems with the alloca
> bits: firstly, it doesn't really extend the buffer since it does not
> use the return value of the extend_alloca macro, which is the location
> of the reallocated buffer. Due to this the buffer does not actually
> extend itself and hence a subsequent write may overwrite stuff on the
> stack.
>
> The second problem is more subtle - the buffer growth on the stack is
> discontinuous due to block scope local variables. Combine that with
> the fact that unlike realloc, extend_alloca does not copy over old
> content and you have a situation where the buffer just has garbage in
> the space where it should have had data.
>
> This could have been fixed by adding code to copy over old data
> whenever we call extend_alloca, but it seems unnecessarily
> complicated. This code is not exactly a performance hotspot (it's
> called when there is a cache miss, so factors like network lookup or
> file reads will dominate over memory allocation/reallocation), so this
> premature optimization is unnecessary.
>
> The bug report has a reproducer and I verified that the reproducer is
> fixed with this patch. OK to commit?
>
Looks ok
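The heap-growth approach the patch description settles on, as an added C example that is not the glibc patch itself: the buffer grows with realloc, so neither problem quoted above (the unused extend_alloca return value and the missing copy of old content) can occur. The struct, the function names, the 1 KiB first allocation and the netgroup-style entry format are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Heap buffer of NUL-separated entries, used zero-initialised.  Struct, names,
   1 KiB first allocation and entry format are assumptions for this example. */
struct result_buf {
  char *data;  /* heap block holding the entries */
  size_t len;  /* bytes used */
  size_t cap;  /* bytes allocated */
};
#define RB_INITIAL_CAP 1024
/* Append one entry with its NUL.  realloc returns the new location AND copies
   the old bytes (what the extend_alloca use missed); the result is stored back. */
int rb_append(struct result_buf *rb, const char *entry) {
  size_t need = strlen(entry) + 1;
  if (rb->cap - rb->len < need) {
    size_t newcap = rb->cap ? rb->cap : RB_INITIAL_CAP;
    while (newcap - rb->len < need) {
      if (newcap > SIZE_MAX / 2) return -1;  /* size would overflow */
      newcap *= 2;
    }
    char *p = realloc(rb->data, newcap);
    if (p == NULL) return -1;  /* old block stays valid and owned by rb */
    rb->data = p; rb->cap = newcap;  /* use the new pointer from now on */
  }
  memcpy(rb->data + rb->len, entry, need);
  rb->len += need;
  return 0;
}

/* Fill a fresh buffer with n constructed netgroup-style triples, then check
   that every one survived the growth steps.  Returns the number intact. */
size_t rb_demo(size_t n) {
  struct result_buf rb = {0};
  char tmp[64];
  size_t intact = 0, off = 0;
  for (size_t i = 0; i < n; i++) {
    snprintf(tmp, sizeof tmp, "(host%zu,user%zu,example.com)", i, i);
    if (rb_append(&rb, tmp) != 0) break;
  }
  for (size_t i = 0; i < n && off < rb.len; i++) {
    snprintf(tmp, sizeof tmp, "(host%zu,user%zu,example.com)", i, i);
    if (strcmp(rb.data + off, tmp) == 0) intact++;
    off += strlen(rb.data + off) + 1;
  }
  free(rb.data);
  return intact;
}
```

With 300 entries the buffer passes the 1 KiB mark several times, which is exactly where the alloca version in the bug report lost or overwrote data.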