This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: Fix for PR68159 in Libiberty Demangler (6)
- From: Jakub Jelinek <jakub at redhat dot com>
- To: Jeff Law <law at redhat dot com>
- Cc: Marcel Böhme <boehme dot marcel at gmail dot com>, Jason Merrill <jason at redhat dot com>, Ian Lance Taylor <ian at airs dot com>, Jonathan Wakely <jwakely at redhat dot com>, gcc-patches at gcc dot gnu dot org, Bernd Schmidt <bschmidt at redhat dot com>
- Date: Mon, 16 May 2016 20:19:52 +0200
- Subject: Re: Fix for PR68159 in Libiberty Demangler (6)
- Reply-to: Jakub Jelinek <jakub at redhat dot com>
On Mon, May 16, 2016 at 12:12:38PM -0600, Jeff Law wrote:
> On 05/06/2016 09:19 AM, Jakub Jelinek wrote:
> >On Fri, May 06, 2016 at 11:11:29PM +0800, Marcel Böhme wrote:
> >>+ dpi.copy_templates
> >>+ = (struct d_print_template *) malloc (((size_t) dpi.num_copy_templates)
> >>+ * sizeof (*dpi.copy_templates));
> >>+ if (! dpi.copy_templates)
> >>+ {
> >>+ d_print_error (&dpi);
> >>+ return 0;
> >>+ }
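Review bot: `malloc (0)` may legitimately return NULL when `dpi.num_copy_templates` is 0, so the `if (! dpi.copy_templates)` check would then call `d_print_error` and return 0 for an input that simply has no templates to copy; skip the allocation when the count is zero, or treat NULL as an error only when the requested size is nonzero. The hunk also does not show the matching `free` of `dpi.copy_templates`, so please make sure the later exit paths release it.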
> >
> >Another thing to consider is if the common values of dpi.num_*
> >and similarly in the other block are small enough, it might be desirable
> >to just use an automatic fixed size array (or even alloca) and only
> >fall back to malloc if it is too large.
> Please, no, don't fall back to alloca like this. That coding idiom has been
> the source of numerous security exploits in glibc. Experience shows us that
> we are not capable of doing that correctly on a consistent basis.
Falling back to a fixed size buffer is something we use heavily in gcc, and
we are able to get it right; there is nothing hard in it.
For the cases where we can't use malloc at all and we'd need so much memory
that it won't fit into the static buffer, I think all we can do is fall back
to increasing the time complexity in the demangler by processing the
string multiple times.
Jakub
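The idiom under discussion (a fixed-size automatic array for the common small case, malloc only when the count exceeds it, never alloca), written out as an added example that is not code from the patch or from libiberty. The struct layout, the SMALL_TEMPLATES threshold and the overflow check on `count * sizeof` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the demangler's per-template record; the real
   struct d_print_template has more fields (assumption for this example). */
struct d_print_template { const void *template_decl; };

/* Threshold below which the automatic array is used (assumed value). */
#define SMALL_TEMPLATES 16

/* Compute count * sizeof (record) without wrapping size_t.
   Returns nonzero and stores the byte count on success, 0 on overflow. */
static int templates_size (size_t count, size_t *bytes)
{
  if (count > SIZE_MAX / sizeof (struct d_print_template))
    return 0;
  *bytes = count * sizeof (struct d_print_template);
  return 1;
}

/* Allocate room for num_copy_templates records, use them, release them.
   Returns 0 when the automatic array sufficed, 1 when malloc was used,
   -1 when the size would overflow or malloc failed (the demangler would
   call d_print_error here).  A count of 0 never reaches malloc, so the
   malloc (0)-returns-NULL ambiguity cannot be mistaken for failure. */
int process_templates (size_t num_copy_templates)
{
  struct d_print_template small[SMALL_TEMPLATES];
  struct d_print_template *buf = small;
  size_t bytes;
  int used_heap = 0;

  if (!templates_size (num_copy_templates, &bytes))
    return -1;
  if (num_copy_templates > SMALL_TEMPLATES)
    {
      buf = (struct d_print_template *) malloc (bytes);
      if (buf == NULL)
        return -1;
      used_heap = 1;
    }
  memset (buf, 0, bytes);   /* stands in for the real demangler work */
  if (used_heap)
    free (buf);
  return used_heap;
}
```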