[Kaffe] could this buffer overflow?

Maxim Kizub max at immsp.kiev.ua
Fri Feb 5 18:03:46 PST 1999


Hello

I think the better solution would be usage of
alloca, like

char *buf =
alloca(strlen(CLASS_CNAME(meth->class))+strlen(meth->name->data)+...+N);
sprintf(buf,...);

The only problem is that there were talks here
that there are some problems with alloca?
Doesn't it exist for all compilers? Or there
may exist some problems with threads?
Maybe, code like

#ifdef USE_ALLOCA
char *buf = alloca(...);
#else
char buf[200];
#endif

or better
#define ALLOCATE_BUF(SIZE) char *buf = alloca(SIZE);
for most platforms, and
#define ALLOCATE_BUF(SIZE) char buf[200];
for those that lack alloca,

will help to avoid the unchecked buffer problems
for most compilers/platforms?

Moses DeJong wrote:
> 
> I was looking at some code in stackTrace.c in the function
> printStackTrace() when I noticed this.
> 
> char buf[200];
> 
> ..
> 
> sprintf(buf, "\tat %.80s.%.80s(%s:%d)",
>     CLASS_CNAME(meth->class),
>     meth->name->data,
>     CLASS_SOURCEFILE(meth->class),
>     linenr);
> 
> Is it just me or does it seem like this buffer could overflow if
> the CLASS_SOURCEFILE name is longer than 30 chars?
> 
> Why not use snprintf so?
> 
> snprintf(buf, 200, ...
> 
> Mo DeJong
> dejong at cs.umn.edu

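Mo's snprintf suggestion worked through, as an added example that is not code from this thread or from Kaffe: it measures what the unbounded sprintf() would write for a frame whose names hit the %.80s caps and whose source path is long, and shows the bounded call stopping at 199 bytes instead of running past the 200-byte buffer. The struct frame type, the sample names and the helper function names are constructed stand-ins for Kaffe's meth fields, not its real structures.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 200                          /* same fixed size as in stackTrace.c */
#define FRAME_FMT "\tat %.80s.%.80s(%s:%d)"   /* the %s for the source file has no width cap */

/* Hypothetical stand-in for what printStackTrace() reads from meth (constructed, not Kaffe's types). */
struct frame { const char *cname, *mname, *sourcefile; int linenr; };

/* Bounded replacement for the sprintf() call: never writes past buf[size-1] and always
   NUL-terminates. Stores the length sprintf() would have produced in *needed and
   returns 1 if the line fit, 0 if snprintf() had to truncate it. */
int format_frame(char *buf, size_t size, const struct frame *f, size_t *needed)
{
    int n = snprintf(buf, size, FRAME_FMT, f->cname, f->mname, f->sourcefile, f->linenr);
    if (n < 0) { buf[0] = '\0'; *needed = 0; return 0; }
    *needed = (size_t)n;
    return (size_t)n < size;
}

/* Constructed samples: an ordinary frame, and one whose class and method names hit the
   %.80s caps while the source path is 120 bytes, which together need 293 bytes. */
static char long_cname[81], long_mname[81], long_source[121];

static struct frame sample_frame(int use_long)
{
    struct frame f = { "java/lang/String", "indexOf", "String.java", 42 };
    if (use_long) {
        memset(long_cname, 'C', 80);   long_cname[80] = '\0';
        memset(long_mname, 'm', 80);   long_mname[80] = '\0';
        memset(long_source, 'p', 120); long_source[120] = '\0';
        f.cname = long_cname; f.mname = long_mname; f.sourcefile = long_source; f.linenr = 12345;
    }
    return f;
}
size_t demo_needed(int use_long) {  /* bytes the unbounded sprintf() would have written */
    char buf[BUF_SIZE]; size_t needed; struct frame f = sample_frame(use_long);
    format_frame(buf, sizeof buf, &f, &needed); return needed;
}
int demo_fits(int use_long) {       /* 1 if the bounded call fit without truncation */
    char buf[BUF_SIZE]; size_t needed; struct frame f = sample_frame(use_long);
    return format_frame(buf, sizeof buf, &f, &needed);
}
size_t demo_written(int use_long) { /* bytes actually stored; always <= BUF_SIZE - 1 */
    char buf[BUF_SIZE]; size_t needed; struct frame f = sample_frame(use_long);
    format_frame(buf, sizeof buf, &f, &needed); return strlen(buf);
}
```

Checking the return value of format_frame() is what lets the caller notice that a frame line was cut short, which sprintf() could never report.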
