From: Pedro Giffuni
Organization: FreeBSD Project
Date: Fri, 7 Apr 2017 20:39:43 -0500
To: rgrimes@freebsd.org
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: Re: svn commit: r316613 - in stable/11/lib/libc: gen iconv net regex rpc stdio stdlib
In-Reply-To: <201704080019.v380JEI1057396@pdx.rh.CN85.dnsmgr.net>
List-Id: SVN commit messages for only the 11-stable src tree

Hello;

On 7/4/2017 19:19, Rodney W. Grimes wrote:
> [ Charset UTF-8 unsupported, converting... ]
>> ...
>> @@ -306,8 +306,8 @@ __enlarge_env(void) >> envVarsTotal++; >> if (envVarsTotal > envVarsSize) { >> newEnvVarsSize = envVarsTotal * 2; >> - tmpEnvVars = realloc(envVars, sizeof (*envVars) * >> - newEnvVarsSize); >> + tmpEnvVars = reallocarray(envVars, newEnvVarsSize, >> + sizeof(*envVars)); >> if (tmpEnvVars == NULL) { >> envVarsTotal--; >> return (false); >> >>
> I am not sure, but isn't this a code pessimization as you now push
> an extra arg on the stack, and also remove the possibility of compile
> time const calculation of foo * bar?
>

The implementation is simply a bounds-check around realloc(). I guess you could compare it with the result and effects of using calloc (a, b) instead of malloc (a*b) and a memset.

Oh, it *is* a pessimization, but it is insignificant, and it happens at the precise but rare time when something rather important (memory allocation) is about to happen. In a world full of malicious users that are actually looking for new ways to cause such overflows I think it's a pretty cheap price to pay.

I have stopped extending it through the tree for now due to 2 issues:

- Portability, it has been adopted by all the BSDs, newlib, and even illumos so it's less of an issue but perhaps it's better to wait some more.
- Compiler bugs: clang generated broken code when I tried to use it in libpam so I ended up reverting it (r315164). I can't really investigate it or hunt down other places where it may happen but it appears to happen only when one of the parameters is signed!

Pedro.
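
Review bot: the doubling on the context line `newEnvVarsSize = envVarsTotal * 2;` is computed before the call, so the overflow check inside reallocarray() covers only newEnvVarsSize * sizeof(*envVars) and not the doubling itself. The hunk does not show the declared types of these counters; if they are signed, it is worth guarding the doubling (or declaring them size_t) so a wrapped or negative value is never converted into the element-count argument. The new argument order, count first and element size second, is the right one for reallocarray().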
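
The bounds check the reply describes, as an added example that is not part of the original message and is not FreeBSD's libc source: `mul_would_overflow`, `checked_reallocarray` and `unchecked_request` are hypothetical names and the element count is a constructed value. The division only executes when an operand is at least 2^(half the bits of size_t), so ordinary small allocations pay for two comparisons.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Two operands both below this bound cannot produce a product that wraps. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Returns 1 if nmemb * size does not fit in size_t, else 0. */
static int
mul_would_overflow(size_t nmemb, size_t size)
{
	/* Short-circuit: with two small operands no division is executed. */
	return ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size);
}

/* Hypothetical stand-in for reallocarray(): refuse instead of wrapping. */
static void *
checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
	if (mul_would_overflow(nmemb, size)) {
		errno = ENOMEM;
		return (NULL);	/* ptr is left untouched, as with realloc() */
	}
	return (realloc(ptr, nmemb * size));
}

/* The byte count the old realloc(p, size * n) form would have requested. */
static size_t
unchecked_request(size_t nmemb, size_t size)
{
	return (nmemb * size);	/* unsigned wrap: silently truncated */
}

int
main(void)
{
	/* Constructed count whose size in bytes exceeds SIZE_MAX. */
	size_t n = SIZE_MAX / sizeof(char *) + 2;

	printf("unchecked request: %zu bytes\n",
	    unchecked_request(n, sizeof(char *)));
	printf("checked result:    %p\n",
	    checked_reallocarray(NULL, n, sizeof(char *)));
	return (0);
}
```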