From: Daniel J. <dan...@gm...> - 2016-09-01 23:44:55
Would this be ok? Fixing only the "critical" issue for now. (created
using hg export)
--8<------------------cut here------------------------------>8---
# HG changeset patch
# User Daniel Jour <dan...@gm...>
# Date 1472772999 -7200
# Fri Sep 02 01:36:39 2016 +0200
# Node ID f663fe7ede9f27807a97f8c44de87d96edc7f9e6
# Parent bb23fd0915fa5961a6c28f6b9f750ce98c31a560
Avoid stack overflow for large number of sub expressions in regex pattern
diff -r bb23fd0915fa -r f663fe7ede9f modules/regexp/regexi.c
--- a/modules/regexp/regexi.c Tue Aug 30 22:45:08 2016 -0400
+++ b/modules/regexp/regexi.c Fri Sep 02 01:36:39 2016 +0200
@@ -87,6 +87,7 @@
rettype_t rettype = CHECK_RETTYPE(STACK_2);
regex_t *re;
regmatch_t *ret;
+ size_t ret_buffer_size;
skipSTACK(3); /* drop all options */
for (;;) {
STACK_1 = check_fpointer(STACK_1,true);
@@ -106,10 +107,16 @@
funcall(L(make_array),7);
string = value1;
}
- begin_system_call();
- ret = (regmatch_t*)alloca((re->re_nsub+1)*sizeof(regmatch_t));
- end_system_call();
- if (ret == NULL) OS_error();
+ ret_buffer_size = (re->re_nsub+1)*sizeof(regmatch_t);
+ if (ret_buffer_size <= BUFSIZ) {
+ begin_system_call();
+ ret = (regmatch_t*)alloca(ret_buffer_size);
+ end_system_call();
+ if (ret == NULL) OS_error();
+ } else {
+ /* Don't use alloca for sizes > BUFSIZ, it's not safe! */
+ ret = (regmatch_t*)clisp_malloc(ret_buffer_size);
+ }
with_string_0(string,GLO(misc_encoding),stringz, {
begin_system_call();
status = regexec(re,stringz,re->re_nsub+1,ret,eflags);
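Review bot: The heap buffer from `clisp_malloc` in the `else` branch is released only by the `free(ret)` added in the last hunk of this file, so any non-local exit between the two (for example a Lisp error signalled inside `with_string_0` or while the match results are built, in lines not shown here) would leak it; it is worth confirming that no such path exists, or releasing the buffer from an unwind handler. Separately, `(re->re_nsub+1)*sizeof(regmatch_t)` is computed without an overflow check while `regexec` is still passed `re->re_nsub+1` as the match count, so a wrapped product would size the buffer below what regexec may write; a guard such as `if (re->re_nsub >= SIZE_MAX / sizeof(regmatch_t))` before the multiplication, taking the error path, closes that. The `ret == NULL` test after `alloca` is carried over from the old code, but alloca does not report failure by returning NULL, so it presumably never fires and the size cap is the only real protection on that branch. The enclosing function starts and ends outside this hunk.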
@@ -142,5 +149,11 @@
case ret_bool: VALUES1(T); break;
}
}
+ if (ret_buffer_size > BUFSIZ) {
+ /* buffer allocated using malloc, needs to be free'd */
+ begin_system_call();
+ free(ret);
+ end_system_call();
+ }
skipSTACK(2); /* drop pattern & string */
}
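Review bot: The `ret_buffer_size > BUFSIZ` test here has to stay the exact negation of the `ret_buffer_size <= BUFSIZ` test at the allocation site, and nothing in the code ties the two together; if one threshold is edited later, `free` would be called on alloca memory or the heap buffer would leak. Recording the decision once where the buffer is obtained, e.g. a local flag set in the `else` branch and tested here as `if (ret_on_heap)`, keeps allocation and release in step. A one-line comment at the allocation naming this release point would also help, since the two sit in separate parts of the function.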
diff -r bb23fd0915fa -r f663fe7ede9f src/ChangeLog
--- a/src/ChangeLog Tue Aug 30 22:45:08 2016 -0400
+++ b/src/ChangeLog Fri Sep 02 01:36:39 2016 +0200
@@ -1,3 +1,8 @@
+2016-09-02 Daniel Jour <dan...@gm...>
+
+ * modules/regexp/regexi.c (REGEXP-EXEC): Avoid stack overflow for
+ large number of sub expressions
+
2016-08-29 Sam Steingold <sd...@gn...>
* lispbibl.d, built.d, spvw.d, spvw_garcol.d, spvw_garcol_old.d: