bug-gnulib

Re: [PATCH] maint.mk: add syntax-check to avoid char[PATH_MAX]


From: Eric Blake
Subject: Re: [PATCH] maint.mk: add syntax-check to avoid char[PATH_MAX]
Date: Thu, 23 Jun 2011 06:24:44 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.10

On 06/23/2011 03:02 AM, Jim Meyering wrote:
> Eric Blake wrote:
>> POSIX allows PATH_MAX to be undefined.  And even if you use the
>> gnulib pathmax module, where "pathmax.h" guarantees a definition,
>> the definition might not be constant or might be so large as to
>> be wasteful or cause stack overflows.  PATH_MAX should only be
>> used as a limit or heuristic, not an array size.

>>
>> +# Even if you use pathmax.h to guarantee that PATH_MAX is defined, it might
>> +# not be constant.  In general, use PATH_MAX as a limit, not an array
>> +# allocation bound.
>> +sc_prohibit_path_max_array:
>> +    @prohibit='\[PATH''_MAX'                                        \
>> +    halt='Avoid arrays of size PATH_MAX'                            \
>> +      $(_sc_search_regexp)
> 
> I like it.
> As you and Paul discussed, some projects may well
> want to disable the test, but that is easy enough.
> 
> However, I would suggest a more permissive regexp, e.g.,
> 

> 
> We could detect those, too:
> 
>         @prohibit='(\balloca *\([^)]*|\[[^]]*)PATH''_MAX'             \
> 
> but that would require a different diagnostic, since there
> is no "array" involved, so it may be better to leave that for
> a separate stack-size-related test.

How about this?  Yes, I'm proposing renaming the rule to better reflect
its use.

diff --git i/top/maint.mk w/top/maint.mk
index 4408a4e..8c42093 100644
--- i/top/maint.mk
+++ w/top/maint.mk
@@ -1135,11 +1135,11 @@ sc_Wundef_boolean:
          $(_sc_search_regexp)

 # Even if you use pathmax.h to guarantee that PATH_MAX is defined, it might
-# not be constant.  In general, use PATH_MAX as a limit, not an array
-# allocation bound.
-sc_prohibit_path_max_array:
-       @prohibit='\[PATH''_MAX'                                        \
-       halt='Avoid arrays of size PATH_MAX'                            \
+# not be constant, or might overflow a stack.  In general, use PATH_MAX as
+# a limit, not an array or alloca size.
+sc_prohibit_path_max_allocation:
+       @prohibit='(\balloca *\([^)]*|\[[^]]*)PATH_MAX'                 \
+       halt='Avoid allocations of size PATH_MAX'                       \
          $(_sc_search_regexp)

 sc_vulnerable_makefile_CVE-2009-4029:
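Review bot: the message on the `+halt=` line, "Avoid allocations of size PATH_MAX", promises more than the `+prohibit=` regexp checks: the pattern only catches the two stack forms, `alloca (...PATH_MAX` and `[...PATH_MAX`, so a heap allocation of PATH_MAX bytes passes untouched. Since the new comment gives "might overflow a stack" as the reason, `halt='Avoid stack allocations of size PATH_MAX'` would match both the comment and what the pattern actually flags. Two smaller points on the regexp: `\[[^]]*PATH_MAX` also matches index expressions such as `buf[PATH_MAX - 1]`, not only array declarators, so some hits will not be allocations at all; and the `PATH''_MAX` split used on the removed `-prohibit=` line (and in Jim's suggested pattern) is dropped here. The new line happens not to match itself, but keeping the split costs nothing and avoids the rule tripping on maint.mk if the pattern is widened later.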

-- 
Eric Blake   address@hidden    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature
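As an added illustration (not part of this thread or of gnulib's maint.mk), the script below runs the regexp from the proposed sc_prohibit_path_max_allocation rule over a few constructed C lines to show which ones the syntax-check would flag. It assumes GNU grep, which is what `_sc_search_regexp` relies on for `\b`.

```shell
#!/bin/sh
# Added example, not code from the gnulib thread: exercise the prohibit
# pattern from the proposed rule against constructed C source lines.
# Assumes GNU grep (needed for the \b word boundary, as in maint.mk).

# The prohibit pattern exactly as written in the patch.
PATH_MAX_RE='(\balloca *\([^)]*|\[[^]]*)PATH_MAX'

# Constructed sample source, one case per line:
#   1 fixed-size stack array          (should be flagged)
#   2 alloca with PATH_MAX            (should be flagged)
#   3 heap allocation of PATH_MAX     (not a stack use; passes)
#   4 PATH_MAX used purely as a limit (the recommended use; passes)
#   5 index expression, not a size    (flagged anyway: false positive)
#   6 static array with PATH_MAX + 1  (flagged)
SAMPLE_SRC='char buf[PATH_MAX];
char *p = alloca (PATH_MAX + 1);
char *q = xmalloc (PATH_MAX);
if (len > PATH_MAX) return -1;
buf[PATH_MAX - 1] = 0;
static char name[PATH_MAX + 1];'

# Line numbers of the sample lines the rule would report, space separated.
path_max_hits() {
    printf '%s\n' "$SAMPLE_SRC" | grep -nE "$PATH_MAX_RE" | cut -d: -f1 | paste -sd ' ' -
}

# Number of flagged lines.
path_max_hit_count() {
    printf '%s\n' "$SAMPLE_SRC" | grep -cE "$PATH_MAX_RE"
}

echo "flagged lines: $(path_max_hits)"
```

Lines 1, 2, 5 and 6 are reported: the check catches the stack forms the rule is aimed at, but also the index expression on line 5, while the heap allocation on line 3 is outside its scope.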

