lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-08-07 06:43:00 +03:00
Code Activity

vfprintf-internal: Get rid of alloca.

Browse Source 
Avoid potential stack overflow from unbounded alloca.  Use the existing
scratch_buffer instead.

Add testcases to exercise the code as suggested by Adhemerval Zanella Netto.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
This commit is contained in:
Joe Simmons-Talbott
2023-07-31 19:42:32 +00:00
parent 510fc20d73
commit 5c37d20652
2 changed files with 152 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
stdio-common/tst-vfprintf-user-type.c
View File

@@ -194,6 +194,136 @@ do_test (void)
TEST_COMPARE_STRING (str, "[[(123, 457.000000) (123, 457.000000)]]"); TEST_COMPARE_STRING (str, "[[(123, 457.000000) (123, 457.000000)]]");
free (str); free (str);
str = NULL;
TEST_VERIFY (asprintf_alias (&str, "%1$P %2$P %3$P %4$P %5$P %6$P",
1L, 1.0,
2L, 2.0,
3L, 3.0,
4L, 4.0,
5L, 6.0,
6L, 6.0)
>= 0);
free (str);
str = NULL;
TEST_VERIFY (asprintf_alias (&str, "%1$P %2$P %3$P %4$P %5$P %6$P"
"%7$P %8$P %9$P %10$P %11$P %12$P",
1L, 1.0,
2L, 2.0,
3L, 3.0,
4L, 4.0,
5L, 6.0,
6L, 6.0,
7L, 7.0,
8L, 8.0,
9L, 9.0,
10L, 10.0,
11L, 11.0,
12L, 12.0)
>= 0);
free (str);
str = NULL;
TEST_VERIFY (asprintf_alias (&str, "%1$P %2$P %3$P %4$P %5$P %6$P"
"%7$P %8$P %9$P %10$P %11$P %12$P"
"%13$P %14$P %15$P %16$P %17$P %18$P",
1L, 1.0,
2L, 2.0,
3L, 3.0,
4L, 4.0,
5L, 6.0,
6L, 6.0,
7L, 7.0,
8L, 8.0,
9L, 9.0,
10L, 10.0,
11L, 11.0,
12L, 12.0,
13L, 13.0,
14L, 14.0,
15L, 15.0,
16L, 16.0,
17L, 17.0,
18L, 18.0)
>= 0);
free (str);
str = NULL;
TEST_VERIFY (asprintf_alias (&str, "%1$P %2$P %3$P %4$P %5$P %6$P"
"%7$P %8$P %9$P %10$P %11$P %12$P"
"%13$P %14$P %15$P %16$P %17$P %18$P"
"%19$P %20$P %21$P %22$P %23$P %24$P",
1L, 1.0,
2L, 2.0,
3L, 3.0,
4L, 4.0,
5L, 6.0,
6L, 6.0,
7L, 7.0,
8L, 8.0,
9L, 9.0,
10L, 10.0,
11L, 11.0,
12L, 12.0,
13L, 13.0,
14L, 14.0,
15L, 15.0,
16L, 16.0,
17L, 17.0,
18L, 18.0,
19L, 19.0,
20L, 20.0,
21L, 21.0,
22L, 22.0,
23L, 23.0,
24L, 24.0)
>= 0);
free (str);
str = NULL;
TEST_VERIFY (asprintf_alias (&str, "%1$P %2$P %3$P %4$P %5$P %6$P"
"%7$P %8$P %9$P %10$P %11$P %12$P"
"%13$P %14$P %15$P %16$P %17$P %18$P"
"%19$P %20$P %21$P %22$P %23$P %24$P"
"%25$P %26$P %27$P %28$P %29$P %30$P",
1L, 1.0,
2L, 2.0,
3L, 3.0,
4L, 4.0,
5L, 6.0,
6L, 6.0,
7L, 7.0,
8L, 8.0,
9L, 9.0,
10L, 10.0,
11L, 11.0,
12L, 12.0,
13L, 13.0,
14L, 14.0,
15L, 15.0,
16L, 16.0,
17L, 17.0,
18L, 18.0,
19L, 19.0,
20L, 20.0,
21L, 21.0,
22L, 22.0,
23L, 23.0,
24L, 34.0,
25L, 25.0,
26L, 26.0,
27L, 27.0,
28L, 28.0,
29L, 29.0,
30, 30.0)
>= 0);
free (str);
str = NULL;
TEST_VERIFY (asprintf_alias (&str, "[[%1$P %1$P]]", 123L, 457.0) >= 0);
TEST_COMPARE_STRING (str, "[[(123, 457.000000) (123, 457.000000)]]");
free (str);
str = NULL; str = NULL;
TEST_VERIFY (asprintf_alias (&str, "[[%.1P]]", 1L, 2.0) >= 0); TEST_VERIFY (asprintf_alias (&str, "[[%.1P]]", 1L, 2.0) >= 0);
TEST_COMPARE_STRING (str, "[[{(1, 2.000000)}]]"); TEST_COMPARE_STRING (str, "[[{(1, 2.000000)}]]");

23
stdio-common/vfprintf-internal.c
View File

@@ -1130,6 +1130,8 @@ printf_positional (struct Xprintf_buffer * buf, const CHAR_T *format,
union printf_arg *args_value; union printf_arg *args_value;
int *args_size; int *args_size;
int *args_type; int *args_type;
void *args_pa_user;
size_t args_pa_user_offset;
{ {
/* Calculate total size needed to represent a single argument /* Calculate total size needed to represent a single argument
across all three argument-related arrays. */ across all three argument-related arrays. */
@@ -1146,6 +1148,7 @@ printf_positional (struct Xprintf_buffer * buf, const CHAR_T *format,
now. */ now. */
args_size = &args_value[nargs].pa_int; args_size = &args_value[nargs].pa_int;
args_type = &args_size[nargs]; args_type = &args_size[nargs];
args_pa_user = &args_type[nargs];
memset (args_type, (mode_flags & PRINTF_FORTIFY) != 0 ? '\xff' : '\0', memset (args_type, (mode_flags & PRINTF_FORTIFY) != 0 ? '\xff' : '\0',
nargs * sizeof (*args_type)); nargs * sizeof (*args_type));
} }
@@ -1235,7 +1238,25 @@ printf_positional (struct Xprintf_buffer * buf, const CHAR_T *format,
else if (__glibc_unlikely (__printf_va_arg_table != NULL) else if (__glibc_unlikely (__printf_va_arg_table != NULL)
&& __printf_va_arg_table[args_type[cnt] - PA_LAST] != NULL) && __printf_va_arg_table[args_type[cnt] - PA_LAST] != NULL)
{ {
args_value[cnt].pa_user = alloca (args_size[cnt]); while (args_pa_user + args_size[cnt] >
argsbuf.data + argsbuf.length)
{
args_pa_user_offset = args_pa_user - (void *) &args_type[nargs];
if (!scratch_buffer_grow_preserve (&argsbuf))
{
Xprintf_buffer_mark_failed (buf);
goto all_done;
}
args_value = argsbuf.data;
/* Set up the remaining two arrays to each point past the end of
the prior array, since space for all three has been allocated
now. */
args_size = &args_value[nargs].pa_int;
args_type = &args_size[nargs];
args_pa_user = (void *) &args_type[nargs] + args_pa_user_offset;
}
args_value[cnt].pa_user = args_pa_user;
args_pa_user += args_size[cnt];
(*__printf_va_arg_table[args_type[cnt] - PA_LAST]) (*__printf_va_arg_table[args_type[cnt] - PA_LAST])
(args_value[cnt].pa_user, ap_savep); (args_value[cnt].pa_user, ap_savep);
} }