Date: Fri, 7 Apr 2017 20:39:43 -0500
From: Pedro Giffuni <pfg@FreeBSD.org>
To: rgrimes@freebsd.org
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: Re: svn commit: r316613 - in stable/11/lib/libc: gen iconv net regex rpc stdio stdlib
Message-ID: <ccc876ea-badb-605b-c833-dc8313cbad94@FreeBSD.org>
In-Reply-To: <201704080019.v380JEI1057396@pdx.rh.CN85.dnsmgr.net>
References: <201704080019.v380JEI1057396@pdx.rh.CN85.dnsmgr.net>
Hello;

On 7/4/2017 19:19, Rodney W. Grimes wrote:
> [ Charset UTF-8 unsupported, converting... ]
>> ...
>> @@ -306,8 +306,8 @@ __enlarge_env(void)
>> envVarsTotal++;
>> if (envVarsTotal > envVarsSize) {
>> newEnvVarsSize = envVarsTotal * 2;
>> - tmpEnvVars = realloc(envVars, sizeof (*envVars) *
>> - newEnvVarsSize);
>> + tmpEnvVars = reallocarray(envVars, newEnvVarsSize,
>> + sizeof(*envVars));
>> if (tmpEnvVars == NULL) {
>> envVarsTotal--;
>> return (false);
>>
>>
> I am not sure, but isn't this a code pessimization as you now push
> an extra arg on the stack, and also remove the possibility of compile
> time const calculation of foo * bar?
>

The implementation is simply a bounds-check around realloc(). I guess you could compare it with the result and effects of using calloc (a, b) instead of malloc (a*b) and a memset.

Oh, it *is* a pessimization, but it is insignificant, and it happens at the precise but rare time when something rather important (memory allocation) is about to happen. In a world full of malicious users that are actually looking for new ways to cause such overflows I think it's a pretty cheap price to pay.

I have stopped extending it through the tree for now due to 2 issues:

- Portability: it has been adopted by all the BSDs, newlib, and even illumos, so it's less of an issue, but perhaps it's better to wait some more.

- Compiler bugs: clang generated broken code when I tried to use it in libpam, so I ended up reverting it (r315164). I can't really investigate it or hunt down other places where it may happen, but it appears to happen only when one of the parameters is signed!

Pedro.
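Review bot: the product nmemb * size is now checked, but `newEnvVarsSize = envVarsTotal * 2;` two lines above the changed call is still unchecked arithmetic; if those counters are signed ints, the doubling can overflow before reallocarray() ever sees the count, and a negative value converted to size_t would be passed through as a huge element count. Consider guarding the doubling (or making the counters size_t), which would also sidestep the signed-parameter case Pedro mentions below.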
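To make the "bounds-check around realloc()" concrete, here is an added example (not libc's code) of a reallocarray-style wrapper, plus a doubling-growth routine in the shape of __enlarge_env() that also guards the doubling step itself; MUL_NO_OVERFLOW follows the BSD check, and grow_vector/demo_env_growth are names chosen here.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
/* Operands both below 2^(bits/2) cannot overflow; divide only when one is large. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
bool product_overflows(size_t nmemb, size_t size)
{
	return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* Bounds-checked realloc(): ENOMEM instead of a wrapped, too-small byte count. */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
	if (product_overflows(nmemb, size)) {
		errno = ENOMEM;
		return NULL;
	}
	return realloc(ptr, nmemb * size);
}

/* Doubling growth like __enlarge_env(); the doubling is checked too. */
bool grow_vector(char ***vec, size_t *cap, size_t needed)
{
	size_t newcap = *cap ? *cap : 1;
	if (needed <= *cap)
		return true;
	for (; newcap < needed; newcap *= 2)
		if (newcap > SIZE_MAX / 2) {	/* next doubling would wrap */
			errno = ENOMEM;
			return false;
		}
	char **tmp = checked_reallocarray(*vec, newcap, sizeof(*tmp));
	if (tmp == NULL)
		return false;
	*vec = tmp;
	*cap = newcap;
	return true;
}

/* Grow an empty vector to `needed` slots; returns capacity reached, 0 if refused. */
size_t demo_env_growth(size_t needed)
{
	char **vec = NULL;
	size_t cap = 0;
	bool ok = grow_vector(&vec, &cap, needed);
	free(vec);
	return ok ? cap : 0;
}
```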
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ccc876ea-badb-605b-c833-dc8313cbad94>