This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Fix for PR68159 in Libiberty Demangler (6)

From: Jakub Jelinek <jakub at redhat dot com>
To: Jeff Law <law at redhat dot com>
Cc: Marcel Böhme <boehme dot marcel at gmail dot com>, Jason Merrill <jason at redhat dot com>, Ian Lance Taylor <ian at airs dot com>, Jonathan Wakely <jwakely at redhat dot com>, gcc-patches at gcc dot gnu dot org, Bernd Schmidt <bschmidt at redhat dot com>
Date: Mon, 16 May 2016 20:19:52 +0200
Subject: Re: Fix for PR68159 in Libiberty Demangler (6)
Authentication-results: sourceware.org; auth=none
References: <CA6D41B5-FF4D-4614-9716-B4FBEC2A7D52 at gmail dot com> <20160506070951 dot GB26501 at tucnak dot zalov dot cz> <5A4EACD6-E1BA-4179-A49C-A296D109009E at gmail dot com> <20160506095154 dot GE26501 at tucnak dot zalov dot cz> <5B407446-2CD3-4ACA-8859-026F911E0B05 at gmail dot com> <20160506144945 dot GN26501 at tucnak dot zalov dot cz> <0634E155-4112-42A6-A93F-2557602C4809 at gmail dot com> <20160506151918 dot GO26501 at tucnak dot zalov dot cz> <5247f3d1-f36c-54fb-eecd-5bbf9691c2fc at redhat dot com>
Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Mon, May 16, 2016 at 12:12:38PM -0600, Jeff Law wrote:
> On 05/06/2016 09:19 AM, Jakub Jelinek wrote:
> >On Fri, May 06, 2016 at 11:11:29PM +0800, Marcel Böhme wrote:
> >>+  dpi.copy_templates
> >>+    = (struct d_print_template *) malloc (((size_t) dpi.num_copy_templates)
> >>+					  * sizeof (*dpi.copy_templates));
> >>+  if (! dpi.copy_templates)
> >>+    {
> >>+      d_print_error (&dpi);
> >>+      return 0;
> >>+    }
> >
> >Another thing to consider is if the common values of dpi.num_*
> >and similarly in the other block are small enough, it might be desirable
> >to just use an automatic fixed size array (or even alloca) and only
> >fall back to malloc if it is too large.
> Please, no, don't fall back to alloca like this.  That coding idiom has been
> the source of numerous security exploits in glibc.  Experience shows us that
> we are not capable of doing that correctly on a consistent basis.

Falling back to fixed size buffer is something we use heavily in gcc, and
are able to get it right, there is nothing hard in it.

For the cases where we can't use malloc at all and we'd need too much memory
that it won't fit into the static buffer, I think all we can do is fall back
into increasing the time complexity in the demangler by processing the
string multiple times.

	Jakub

Follow-Ups:
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Jeff Law

References:
- Fix for PR68159 in Libiberty Demangler (6)
  - From: Marcel BÃhme
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Jakub Jelinek
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Marcel BÃhme
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Jakub Jelinek
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Marcel BÃhme
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Jakub Jelinek
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Marcel Böhme
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Jakub Jelinek
- Re: Fix for PR68159 in Libiberty Demangler (6)
  - From: Jeff Law

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]