Re: [PATCH] maint.mk: add syntax-check to avoid char[PATH_MAX]
From: Eric Blake
Subject: Re: [PATCH] maint.mk: add syntax-check to avoid char[PATH_MAX]
Date: Thu, 23 Jun 2011 06:24:44 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.10
On 06/23/2011 03:02 AM, Jim Meyering wrote:
> Eric Blake wrote:
>> POSIX allows PATH_MAX to be undefined. And even if you use the
>> gnulib pathmax module, where "pathmax.h" guarantees a definition,
>> the definition might not be constant or might be so large as to
>> be wasteful or cause stack overflows. PATH_MAX should only be
>> used as a limit or heuristic, not an array size.
>>
>> +# Even if you use pathmax.h to guarantee that PATH_MAX is defined, it might
>> +# not be constant. In general, use PATH_MAX as a limit, not an array
>> +# allocation bound.
>> +sc_prohibit_path_max_array:
>> + @prohibit='\[PATH''_MAX' \
>> + halt='Avoid arrays of size PATH_MAX' \
>> + $(_sc_search_regexp)
>
> I like it.
> As you and Paul discussed, some projects may well
> want to disable the test, but that is easy enough.
>
> However, I would suggest a more permissive regexp, e.g.,
>
>
> We could detect those, too:
>
> @prohibit='(\balloca *\([^)]*|\[[^]]*)PATH''_MAX' \
>
> but that would require a different diagnostic, since there
> is no "array" involved, so it may be better to leave that for
> a separate stack-size-related test.
How about this? Yes, I'm proposing renaming the rule to better reflect
its use.
diff --git i/top/maint.mk w/top/maint.mk
index 4408a4e..8c42093 100644
--- i/top/maint.mk
+++ w/top/maint.mk
@@ -1135,11 +1135,11 @@ sc_Wundef_boolean:
$(_sc_search_regexp)
# Even if you use pathmax.h to guarantee that PATH_MAX is defined, it might
-# not be constant. In general, use PATH_MAX as a limit, not an array
-# allocation bound.
-sc_prohibit_path_max_array:
- @prohibit='\[PATH''_MAX' \
- halt='Avoid arrays of size PATH_MAX' \
+# not be constant, or might overflow a stack. In general, use PATH_MAX as
+# a limit, not an array or alloca size.
+sc_prohibit_path_max_allocation:
+ @prohibit='(\balloca *\([^)]*|\[[^]]*)PATH_MAX' \
+ halt='Avoid allocations of size PATH_MAX' \
$(_sc_search_regexp)
sc_vulnerable_makefile_CVE-2009-4029:
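Review bot: the new `+ @prohibit=` line ends in a bare `PATH_MAX`, so an identifier that merely starts with it inside brackets (a project-local `PATH_MAX_LEN`, say) is flagged as well; `PATH_MAX\b` would keep the matches on `[PATH_MAX]`, `[PATH_MAX + 1]` and `alloca (PATH_MAX)` while excluding longer identifiers. The same line also drops the `PATH''_MAX` split that both the old rule and the quoted suggestion used to keep the literal token out of maint.mk's own text; that is safe here only because the pattern now requires a preceding `[` or `alloca (`, which deserves a sentence in the comment above the rule.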
--
Eric Blake address@hidden +1-801-349-2682
Libvirt virtualization library http://libvirt.org
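To see what the rule in the patch actually catches, here is an added example (not gnulib's code) that runs the patch's prohibit= regexp with plain grep -E over a few constructed C lines; it stands in for _sc_search_regexp without reproducing that helper's options, and assumes GNU grep for the `\b` word boundary.

```shell
#!/bin/sh
# Added example, not part of gnulib's maint.mk: run the prohibit= pattern
# from the patch over constructed C lines with plain grep -E, standing in
# for _sc_search_regexp. Assumes GNU grep (for the \b word boundary).

# The regexp exactly as it appears on the patch's prohibit= line.
PROHIBIT='(\balloca *\([^)]*|\[[^]]*)PATH_MAX'

# Constructed sample source, one line per case.
sample_input() {
  cat <<'EOF'
char buf[PATH_MAX];
char buf[2 * PATH_MAX];
char *p = alloca (PATH_MAX + 1);
char *q = xmalloc (PATH_MAX);
if (len > PATH_MAX) return -1;
char name[PATH_MAX_LEN];
EOF
}

# Print the numbered lines the rule would flag (the "halt" case).
flagged_lines() {
  sample_input | grep -En "$PROHIBIT"
}

# Number of flagged lines; used to check the expected result.
flagged_count() {
  flagged_lines | wc -l | tr -d ' '
}

# Lines 1, 2 and 3 are the stack allocations the rule targets; line 4 (heap)
# and line 5 (PATH_MAX used only as a limit) pass; line 6 is flagged too,
# because the pattern has no word boundary after PATH_MAX.
flagged_lines
```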