From: "Mike Frysinger" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" <vapier@gentoo.org>
Message-ID: <1706158971.77bf161b55dbf340f4498ad26eef3fd7a0dfbcdc.vapier@gentoo>
Subject: [gentoo-commits] proj/pax-utils:master commit in: /
X-VCS-Repository: proj/pax-utils
X-VCS-Files: meson.build paxinc.c porting.h
X-VCS-Directories: /
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: 77bf161b55dbf340f4498ad26eef3fd7a0dfbcdc
X-VCS-Branch: master
Date: Thu, 25 Jan 2024 05:06:05 +0000 (UTC)

commit:     77bf161b55dbf340f4498ad26eef3fd7a0dfbcdc
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 05:02:51 2024 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 05:02:51 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=77bf161b

ar: switch from alloca to malloc

If alloca allocates too much stack space, program behavior is undefined,
and basically we segfault.  There is no way to check whether this will
happen ahead of time, so our only choice is to switch to malloc.  If we
try to allocate too much memory from the heap, we'll get a NULL pointer,
and we can diagnose & exit ourselves.  Kind of sucks as alloca was a
perfect fit here, but since the size is coming directly from user input,
we can't trust it is always "reasonable".

Bug: https://bugs.gentoo.org/890579
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 meson.build | 1 -
 paxinc.c    | 5 ++++-
 porting.h   | 3 ---
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/meson.build b/meson.build
index e891d98..319e3de 100644
--- a/meson.build
+++ b/meson.build
@@ -44,7 +44,6 @@ foreach x : [
   'linux/seccomp.h',
   'linux/securebits.h',
   'sys/prctl.h',
-  'alloca.h',
   'elf-hints.h',
   'glob.h',
 ]

diff --git a/paxinc.c b/paxinc.c
index 21844d8..644c0d6 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -89,11 +89,13 @@ static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int bas
 archive_member *ar_next(archive_handle *ar)
 {
 	char *s;
+	char *heap_s = NULL;
 	ssize_t len = 0;
 	static archive_member ret;
 
 	if (ar->skip && lseek(ar->fd, ar->skip, SEEK_CUR) == -1) {
 close_and_ret:
+		free(heap_s);
 		free(ar->extfn);
 		close(ar->fd);
 		ar->extfn = NULL;
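
Review bot: The new `char *heap_s = NULL;` declaration has no comment saying that heap_s owns the allocation while s is only a working pointer to the name, so a reader has to work out from the later `s = heap_s = xmalloc(...)` why two pointers exist and which one may be passed to free(). A one-line comment at the declaration would make that explicit and would make the `free(heap_s)` under close_and_ret self-explanatory.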
@@ -146,7 +148,7 @@ close_and_ret:
 			if (read(ar->fd, ret.buf.formatted.name, len) != len)
 				goto close_and_ret;
 		} else {
-			s = alloca(sizeof(char) * len + 1);
+			s = heap_s = xmalloc(sizeof(char) * (len + 1));
 			if (read(ar->fd, s, len) != len)
 				goto close_and_ret;
 			s[len] = '\0';
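
Review bot: Nothing in this hunk range-checks len before `xmalloc(sizeof(char) * (len + 1))`. len is a signed ssize_t and, per the commit message, comes straight from user input, so a negative value would convert to a huge size_t request (or to a zero-byte request for -1, after which `s[len] = '\0'` writes out of bounds), and the largest positive value overflows the `len + 1`. Moving to the heap turns the stack exhaustion into a diagnosable failure, but an explicit check that len is non-negative and below a sane ceiling before the allocation would be stronger; the name is later copied into the fixed-size ret.name with snprintf, which suggests a natural upper bound.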
@@ -167,6 +169,7 @@ close_and_ret:
 	}
 
 	snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
+	free(heap_s);
 	ret.name[sizeof(ret.name) - 1] = '\0';
 	if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
 		*s = '\0';
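
Review bot: After the added `free(heap_s);` following the snprintf, heap_s still holds the freed address, and the close_and_ret path also calls `free(heap_s)`. If any code after this point in ar_next() jumps to close_and_ret, now or after a future edit, that becomes a double free. Setting `heap_s = NULL;` right after the free costs nothing and removes the hazard. s also keeps pointing at the freed buffer until it is reassigned by the strchr() two lines later, so nothing should be inserted between those lines that reads s.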

diff --git a/porting.h b/porting.h
index 68e2b6c..103d268 100644
--- a/porting.h
+++ b/porting.h
@@ -40,9 +40,6 @@
 #include <time.h>
 #include <unistd.h>
 #include "elf.h"
-#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
-#endif
 #ifdef HAVE_SYS_PRCTL_H
 # include <sys/prctl.h>
 # ifdef HAVE_LINUX_SECCOMP_H
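
Review bot: Dropping the `#include <alloca.h>` block here, together with the 'alloca.h' header check in meson.build, is only safe if no alloca() call remains anywhere that includes porting.h; this patch converts only the one call in paxinc.c. Worth confirming with a grep over the tree before merging, since a leftover caller would lose its declaration on platforms that need the header.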