Date:      Fri, 7 Apr 2017 20:39:43 -0500
From:      Pedro Giffuni <pfg@FreeBSD.org>
To:        rgrimes@freebsd.org
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   Re: svn commit: r316613 - in stable/11/lib/libc: gen iconv net regex rpc stdio stdlib
Message-ID:  <ccc876ea-badb-605b-c833-dc8313cbad94@FreeBSD.org>
In-Reply-To: <201704080019.v380JEI1057396@pdx.rh.CN85.dnsmgr.net>
References:  <201704080019.v380JEI1057396@pdx.rh.CN85.dnsmgr.net>

Hello;


On 7/4/2017 19:19, Rodney W. Grimes wrote:
>> ...

>> @@ -306,8 +306,8 @@ __enlarge_env(void)
>>   	envVarsTotal++;
>>   	if (envVarsTotal > envVarsSize) {
>>   		newEnvVarsSize = envVarsTotal * 2;
>> -		tmpEnvVars = realloc(envVars, sizeof (*envVars) *
>> -		    newEnvVarsSize);
>> +		tmpEnvVars = reallocarray(envVars, newEnvVarsSize,
>> +		    sizeof(*envVars));
>>   		if (tmpEnvVars == NULL) {
>>   			envVarsTotal--;
>>   			return (false);
>>
>>
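Review bot: reallocarray() only guards the nmemb * size product; the `newEnvVarsSize = envVarsTotal * 2;` computed just above it is still an unchecked multiplication, so for a very large envVarsTotal the doubled size can wrap before it ever reaches reallocarray(). Consider refusing the growth when envVarsTotal exceeds half the maximum of its type, or computing the new size with a checked helper. The failure branch (`envVarsTotal--; return (false);`) is right as written: reallocarray(), like realloc(), leaves envVars intact when it returns NULL, so nothing is lost.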
> I am not sure, but isn't this a code pessimization as you now push
> an extra arg on the stack, and also remove the possibility of compile
> time const calculation of foo * bar?
>

The implementation is simply a bounds-check around realloc().
I guess you could compare it with the result and effects of using calloc(a, b)
instead of malloc(a*b) and a memset.

Oh, it *is* a pessimization, but it is insignificant, and it happens at the
precise but rare time when something rather important (memory allocation) is
about to happen. In a world full of malicious users that are actually looking
for new ways to cause such overflows I think it's a pretty cheap price to pay.

I have stopped extending it through the tree for now due to 2 issues:

- Portability: it has been adopted by all the BSDs, newlib, and even illumos,
so it's less of an issue, but perhaps it's better to wait some more.

- Compiler bugs: clang generated broken code when I tried to use it in libpam,
so I ended up reverting it (r315164). I can't really investigate it or hunt
down other places where it may happen, but it appears to happen only when one
of the parameters is signed!

Pedro.

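An added example, not code from the commit or from FreeBSD's libc, showing the bounds check that reallocarray() wraps around realloc() (using the same sqrt(SIZE_MAX) shortcut as OpenBSD's implementation) and a doubling step in the shape of __enlarge_env() that also guards the `envVarsTotal * 2` computation the reallocarray() call itself does not cover. The function names, the `grow_vector` helper and the inputs are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* OpenBSD's shortcut: divide only when a factor is >= sqrt(SIZE_MAX + 1). */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Returns 1 if nmemb * size would wrap around size_t. */
int mul_would_overflow(size_t nmemb, size_t size)
{
    return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
           nmemb > 0 && SIZE_MAX / nmemb < size;
}

/* Hypothetical stand-in for reallocarray(): the bounds check around realloc(). */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (mul_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;           /* ptr stays valid, exactly as with realloc() */
    }
    return realloc(ptr, nmemb * size);
}

/* Doubling step modelled on __enlarge_env(): grow *vec from *cap elements to
 * twice that. Also refuses a doubling that wraps. Returns 1 on success, 0 on failure. */
int grow_vector(void **vec, size_t *cap, size_t elem_size)
{
    size_t new_cap = *cap ? *cap * 2 : 1;
    if (new_cap < *cap)        /* *cap * 2 wrapped */
        return 0;
    void *tmp = checked_reallocarray(*vec, new_cap, elem_size);
    if (tmp == NULL)
        return 0;              /* old *vec and *cap remain usable */
    *vec = tmp;
    *cap = new_cap;
    return 1;
}

/* Grows an empty pointer array n times and returns the resulting capacity. */
size_t capacity_after_growing(int n)
{
    char **vec = NULL; size_t cap = 0;
    for (int i = 0; i < n; i++)
        if (!grow_vector((void **)&vec, &cap, sizeof(*vec)))
            break;
    free(vec);
    return cap;
}
```

With constructed inputs of SIZE_MAX / 2 + 1 elements of 4 bytes, the unchecked product wraps to 0 and realloc() would happily return a tiny block, while checked_reallocarray() refuses with ENOMEM.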

