X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fopenat-priv.h;h=948b220c7ef82cb064a3368f55381cac140b1050;hb=9436b51b876432bb26c2345e138e8ddd7c6a7fb2;hp=3a45de162404e513a63aad531423295de962eba6;hpb=3030c5b5e0a5199e16b05927da72c43c42f211c3;p=gnulib.git

diff --git a/lib/openat-priv.h b/lib/openat-priv.h
index 3a45de162..948b220c7 100644
--- a/lib/openat-priv.h
+++ b/lib/openat-priv.h
@@ -1,6 +1,6 @@
 /* Internals for openat-like functions.
 
-   Copyright (C) 2005-2006, 2009 Free Software Foundation, Inc.
+   Copyright (C) 2005-2006, 2009-2011 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,9 +21,29 @@
 #define _GL_HEADER_OPENAT_PRIV
 
 #include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 
-#define OPENAT_BUFFER_SIZE 512
+/* Maximum number of bytes that it is safe to allocate as a single
+   array on the stack, and that is known as a compile-time constant.
+   The assumption is that we'll touch the array very quickly, or a
+   temporary very near the array, provoking an out-of-memory trap.  On
+   some operating systems, there is only one guard page for the stack,
+   and a page size can be as small as 4096 bytes.  Subtract 64 in the
+   hope that this will let the compiler touch a nearby temporary and
+   provoke a trap.  */
+#define SAFER_ALLOCA_MAX (4096 - 64)
+
+#define SAFER_ALLOCA(m) ((m) < SAFER_ALLOCA_MAX ? (m) : SAFER_ALLOCA_MAX)
+
+#if defined PATH_MAX
+# define OPENAT_BUFFER_SIZE SAFER_ALLOCA (PATH_MAX)
+#elif defined _XOPEN_PATH_MAX
+# define OPENAT_BUFFER_SIZE SAFER_ALLOCA (_XOPEN_PATH_MAX)
+#else
+# define OPENAT_BUFFER_SIZE SAFER_ALLOCA (1024)
+#endif
+
 char *openat_proc_name (char buf[OPENAT_BUFFER_SIZE], int fd, char const *file);
 
 /* Trying to access a BUILD_PROC_NAME file will fail on systems without