Date:      Fri, 7 Apr 2017 20:39:43 -0500
From:      Pedro Giffuni <pfg@FreeBSD.org>
To:        rgrimes@freebsd.org
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   Re: svn commit: r316613 - in stable/11/lib/libc: gen iconv net regex rpc stdio stdlib
Message-ID:  <ccc876ea-badb-605b-c833-dc8313cbad94@FreeBSD.org>
In-Reply-To: <201704080019.v380JEI1057396@pdx.rh.CN85.dnsmgr.net>


Hello;
On 7/4/2017 19:19, Rodney W. Grimes wrote:
>> ...

>> @@ -306,8 +306,8 @@ __enlarge_env(void)
>>   	envVarsTotal++;
>>   	if (envVarsTotal > envVarsSize) {
>>   		newEnvVarsSize = envVarsTotal * 2;
>> -		tmpEnvVars = realloc(envVars, sizeof (*envVars) *
>> -		    newEnvVarsSize);
>> +		tmpEnvVars = reallocarray(envVars, newEnvVarsSize,
>> +		    sizeof(*envVars));
>>   		if (tmpEnvVars == NULL) {
>>   			envVarsTotal--;
>>   			return (false);
>>
>>
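Review bot: the reallocarray() call guards only the newEnvVarsSize * sizeof(*envVars) product; the `newEnvVarsSize = envVarsTotal * 2;` two lines above it is still unchecked arithmetic, and whether it can wrap depends on the types of envVarsTotal and newEnvVarsSize, which are outside the hunk. If they are plain int, a checked doubling or an explicit cap before the call would close that gap too. The failure path itself is right: reallocarray(), like realloc(), returns NULL and leaves envVars untouched, so the existing `envVarsTotal--; return (false);` handles both the allocation-failure and the overflow case without any new code.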
> I am not sure, but isn't this a code pessimization as you now push
> an extra arg on the stack, and also remove the possibility of compile
> time const calculation of foo * bar?
>

The implementation is simply a bounds-check around realloc().
I guess you could compare it with the result and effects of using
calloc(a, b) instead of malloc(a*b) and a memset.

Oh, it *is* a pessimization, but it is insignificant, and it happens at
the precise but rare time when something rather important (memory
allocation) is about to happen. In a world full of malicious users that
are actually looking for new ways to cause such overflows I think it's a
pretty cheap price to pay.

I have stopped extending it through the tree for now due to 2 issues:

- Portability, it has been adopted by all the BSDs, newlib, and even
illumos, so it's less of an issue but perhaps it's better to wait some more.

- Compiler bugs: clang generated broken code when I tried to use it in
libpam so I ended up reverting it (r315164). I can't really investigate
it or hunt down other places where it may happen but it appears to
happen only when one of the parameters is signed!

Pedro.
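To make the "bounds-check around realloc()" concrete, here is an added example of what the function does and why the old `realloc(p, a*b)` form needs it. It is not code from the commit or from FreeBSD's libc: `example_reallocarray`, `struct vec`, `vec_push` and the constructed `"KEY=value"` entries are illustrative names, and the overflow test is modelled on the check used by OpenBSD's reallocarray(3). `vec_push` grows its array the way `__enlarge_env` does (double the capacity, keep the old array when the allocation fails), and `wrapped_product` shows the byte count the unchecked multiplication would silently hand to realloc().

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * Overflow test in the style of OpenBSD's reallocarray(3): when both
 * operands are below 2^(half the bits of size_t) the product cannot
 * wrap, so the (slow) division is only reached for large operands.
 */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Returns nonzero when nmemb * size would wrap around in a size_t. */
int
mul_overflows(size_t nmemb, size_t size)
{
	return ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size);
}

/*
 * Example reallocarray: the same realloc(3) call the old code made,
 * preceded by the multiplication check. Illustrative name, not libc's.
 */
void *
example_reallocarray(void *optr, size_t nmemb, size_t size)
{
	if (mul_overflows(nmemb, size)) {
		errno = ENOMEM;   /* what the real function reports on overflow */
		return (NULL);
	}
	return (realloc(optr, nmemb * size));
}

/* The byte count an unchecked realloc(p, nmemb * size) would receive. */
size_t
wrapped_product(size_t nmemb, size_t size)
{
	return (nmemb * size);
}

/* Shows the failure path: NULL back and errno set, nothing allocated. */
int
overflow_sets_enomem(void)
{
	void *p = example_reallocarray(NULL, SIZE_MAX / 2 + 1, 2);

	return (p == NULL && errno == ENOMEM);
}

/* A growable pointer array shaped like the envVars bookkeeping. */
struct vec {
	char **items;
	size_t total;   /* slots in use */
	size_t size;    /* slots allocated */
};

/* Grow like __enlarge_env: double the capacity, keep the old array on failure. */
int
vec_push(struct vec *v, char *item)
{
	if (v->total + 1 > v->size) {
		size_t newsize = v->size ? v->size * 2 : 4;   /* assumed initial size */
		char **tmp = example_reallocarray(v->items, newsize,
		    sizeof(*v->items));

		if (tmp == NULL)
			return (0);   /* v->items is still valid here */
		v->items = tmp;
		v->size = newsize;
	}
	v->items[v->total++] = item;
	return (1);
}

/* Pushes n constructed entries and returns the resulting capacity. */
size_t
demo_capacity_after(size_t n)
{
	struct vec v = { NULL, 0, 0 };
	static char entry[] = "KEY=value";   /* constructed sample entry */
	size_t i, size;

	for (i = 0; i < n; i++)
		if (!vec_push(&v, entry))
			break;
	size = v.size;
	free(v.items);
	return (size);
}
```

With `nmemb = SIZE_MAX / 2 + 1` and `size = 2` the unchecked product wraps to 0, so a plain realloc() would "succeed" with a zero-byte (or implementation-defined) allocation that the caller then indexes as if it held `nmemb` elements; the checked version refuses the request and returns NULL with errno set to ENOMEM, which the `tmpEnvVars == NULL` branch in the patched code already handles.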



Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ccc876ea-badb-605b-c833-dc8313cbad94>