From: storm@cua.dk (Kim F. Storm)
Cc: emacs-devel@gnu.org
Subject: Re: Preventing stack overflows with alloca.
Date: 18 Jun 2004 14:02:00 +0200 [thread overview]
Message-ID: <m3k6y5xefb.fsf@kfs-l.imdomain.dk> (raw)
In-Reply-To: <200406181113.UAA03743@etlken.m17n.org>
Kenichi Handa <handa@m17n.org> writes:
> > But there are other risky uses of alloca, so I suggest the
> > patch below which takes care of the problems in fns.c.
>
> Oops, I have completely forgotten about this problem.
> Actually I noticed it last year and sent the attached mail,
> but haven't worked on it any further. I remember Richard
> agreed with having the macro SAFE_ALLOCA. Of course we need
> the pairing SAFE_FREE which frees `address' and calls
> unbind_to if necessary.
Actually, now that you mention it, I remember your mail.
I think your approach is ok, but we can make it a bit
more generic with the following approach:
/* Define this in alloc.c */
Lisp_Object
safe_alloca_unwind (arg)
Lisp_Object arg;
{
xfree ((void *)arg);
return Qnil;
}
/* Add this to lisp.h */
extern Lisp_Object safe_alloca_unwind (Lisp_Object *);
#define USE_SAFE_ALLOCA \
int sa_count = SPECPDL_INDEX ()
#define SAFE_ALLOCA(buf, size) \
do { \
if (size < MAX_ALLOCA) \
buf = alloca (size); \
else \
record_unwind_protect (safe_alloca_unwind, \
(Lisp_Object)(buf = xmalloc (size))); \
} while (0)
#define SAFE_FREE(size) \
do { \
if (size >= MAX_ALLOCA) \
unbind_to (sa_count, Qnil); \
} while (0)
Of course, if a function already uses unwind protect,
it doesn't need USE_SAFE_ALLOCA and SAFE_FREE.
Since old_value is not a lisp object here,
we would need to fix (hack) GC like this:
for (bind = specpdl; bind != specpdl_ptr; bind++)
{
mark_object (bind->symbol);
if (bind->func != safe_alloca_unwind)
mark_object (bind->old_value);
}
A sample use would look like this:
Lisp_Object
string_make_multibyte (string)
Lisp_Object string;
{
unsigned char *buf;
int nbytes;
Lisp_Object ret;
USE_SAFE_ALLOCA;
if (STRING_MULTIBYTE (string))
return string;
nbytes = count_size_as_multibyte (SDATA (string),
SCHARS (string));
/* If all the chars are ASCII, they won't need any more bytes
once converted. In that case, we can return STRING itself. */
if (nbytes == SBYTES (string))
return string;
SAFE_ALLOCA (buf, nbytes);
copy_text (SDATA (string), buf, SBYTES (string),
0, 1);
ret = make_multibyte_string (buf, SCHARS (string), nbytes);
SAFE_FREE (nbytes);
return ret;
}
--
Kim F. Storm <storm@cua.dk> http://www.cua.dk
next prev parent reply other threads:[~2004-06-18 12:02 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-18 10:14 Preventing stack overflows with alloca Kim F. Storm
2004-06-18 11:13 ` Kenichi Handa
2004-06-18 12:02 ` Kim F. Storm [this message]
2004-06-19 0:19 ` Kenichi Handa
2004-06-19 3:19 ` Richard Stallman
2004-06-20 18:56 ` Kim F. Storm
2004-06-21 22:01 ` Kim F. Storm
2004-06-22 23:17 ` Richard Stallman
2004-10-25 17:11 ` Yoichi NAKAYAMA
2004-10-26 14:04 ` Kim F. Storm
2004-10-27 17:34 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3k6y5xefb.fsf@kfs-l.imdomain.dk \
--to=storm@cua.dk \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).