From da429bd433efb20d1a0c8dbd93b183a36b4cfbbc Mon Sep 17 00:00:00 2001 From: Cyrill Gorcunov Date: Fri, 13 Nov 2015 17:10:08 +0300 Subject: [PATCH] lib: Don't use alloca over net received size Better to obtain error if there is no free memory than smashing the stack. A rule of thumb for alloca() based functions is to use them with predefined small sizes (such as we do in swapping builtin sizes for parasite engine). Signed-off-by: Cyrill Gorcunov Signed-off-by: Pavel Emelyanov --- lib/criu.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/lib/criu.c b/lib/criu.c index 9c00a0f5c..52d1b61d6 100644 --- a/lib/criu.c +++ b/lib/criu.c @@ -10,7 +10,6 @@ #include #include #include -#include #include "criu.h" #include "rpc.pb-c.h" @@ -724,7 +723,7 @@ int criu_add_irmap_path(char *path) static CriuResp *recv_resp(int socket_fd) { - unsigned char *buf; + unsigned char *buf = NULL; int len; CriuResp *msg = 0; @@ -734,7 +733,12 @@ static CriuResp *recv_resp(int socket_fd) goto err; } - buf = alloca(len); + buf = malloc(len); + if (!buf) { + errno = ENOMEM; + perror("Can't receive response"); + goto err; + } len = recv(socket_fd, buf, len, MSG_TRUNC); if (len == -1) { @@ -748,8 +752,10 @@ static CriuResp *recv_resp(int socket_fd) goto err; } + free(buf); return msg; err: + free(buf); saved_errno = errno; return NULL; } @@ -761,7 +767,12 @@ static int send_req(int socket_fd, CriuReq *req) len = criu_req__get_packed_size(req); - buf = alloca(len); + buf = malloc(len); + if (!buf) { + errno = ENOMEM; + perror("Can't send request"); + goto err; + } if (criu_req__pack(req, buf) != len) { perror("Failed packing request"); @@ -773,8 +784,10 @@ static int send_req(int socket_fd, CriuReq *req) goto err; } + free(buf); return 0; err: + free(buf); saved_errno = errno; return -1; }