:: Re: [DNG] "Common knowledge?"-quest…
Author: KatolaZ
Date:
To: Rainer Weikusat
CC: dng
Subject: Re: [DNG] "Common knowledge?"-question
On Sat, Jan 23, 2016 at 06:36:46PM +0000, Rainer Weikusat wrote:
> Peter Olson <peabo@???> writes:
> >> On January 22, 2016 at 4:34 PM Rainer Weikusat <rainerweikusat@???> wrote:
>
> [...]
>
> >>     p = buf = alloca(total);

>
> [...]
>
> > the failure mode of alloca is SIGSEGV or some other malfunction and
> > there is no way to test for it
>
> It's supposed to allocate memory in the current stack frame which will
> work unless the stack has already grown to the limit.


Since the size of alloca is determined by the user, not by the
developer of the function, you should assume that the call to alloca
is a potential source of attacks based on stack overflow, or of
very-hard-to-reproduce SIGSEGVs.

Also, in this specific case there is no need at all to copy the two
input strings into an internal buffer. The following function will do
exactly the same:

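#include <string.h>
#include <unistd.h>

/* Writes name (first letter upper-cased), " :" and what to stderr. */
void another_print_start(char *name, char *what){

  char c[3] = " :";

  /* reuse the terminating NUL of c[] for the upper-cased first letter
     (assumes name is non-empty and starts with an ASCII letter) */
  c[2] = name[0] & ~0x20;

  write(2, c+2, 1);
  write(2, name+1, strlen(name) -1);
  write(2, c, 2);
  write(2, what, strlen(what));

}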

It's just a little more cryptic (and I admit that reusing the last
byte of c[] is not best practice), but avoids a call to alloca(3)
(which is anyway deprecated) with minimal space overhead, and the
problem of managing internal buffers otherwise. I assumed that you had
to use write(2) instead of fprintf(3), for whatever reason, even if I
can't see why this should be the case, since if you have alloca(3)
then you should most probably also have fprintf(3), whatever the
implementation of the C library....

My2Cents

KatolaZ

--
[ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ]
[ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ]
[ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ]
[ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ]
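
The no-copy approach from the message above, as an added example that is not code from the thread: the pieces are handed to a single writev(2) call, so stack use stays constant however long the caller's strings are. The names print_start_iov and output_matches are hypothetical; unlike the posted function it uses toupper() instead of the bit mask and accepts an empty name.

```c
#include <ctype.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): writes "<Name> :<what>" to fd
 * with one writev(2) call. The caller's strings are referenced in place,
 * so no alloca() or buffer sized by the input is needed. */
ssize_t print_start_iov(int fd, const char *name, const char *what)
{
    char first = '\0';
    struct iovec iov[4];
    size_t nlen = strlen(name);

    if (nlen > 0)   /* empty name: nothing to capitalise, name+1 unused */
        first = (char)toupper((unsigned char)name[0]);
    iov[0].iov_base = &first;
    iov[0].iov_len  = nlen > 0 ? 1 : 0;
    iov[1].iov_base = (void *)(nlen > 0 ? name + 1 : name);
    iov[1].iov_len  = nlen > 0 ? nlen - 1 : 0;
    iov[2].iov_base = (void *)" :";
    iov[2].iov_len  = 2;
    iov[3].iov_base = (void *)what;
    iov[3].iov_len  = strlen(what);
    return writev(fd, iov, 4);
}

/* Check helper: run print_start_iov() into a pipe and compare the bytes
 * that arrive with `expected`. Returns 1 on an exact match, 0 otherwise. */
int output_matches(const char *name, const char *what, const char *expected)
{
    char got[256];
    int p[2];
    ssize_t w, r;

    if (pipe(p) != 0)
        return 0;
    w = print_start_iov(p[1], name, what);
    close(p[1]);
    r = read(p[0], got, sizeof got);
    close(p[0]);
    return w >= 0 && r == w && (size_t)r == strlen(expected)
        && memcmp(got, expected, (size_t)r) == 0;
}

int main(void)
{   /* constructed sample input, written to stderr */
    return print_start_iov(2, "daemon", "starting\n") < 0;
}
```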