From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 11 Jan 2011 18:26:56 +0000 (-0800)
Subject: openat: Increase OPENAT_BUFFER_SIZE from 512 to at least 1024
X-Git-Tag: v0.1~3354
X-Git-Url: http://erislabs.net/gitweb/?a=commitdiff_plain;h=03dd3ccd9a02d8406571243b74c6afb08f90ba2b;p=gnulib.git

openat: Increase OPENAT_BUFFER_SIZE from 512 to at least 1024

This avoids heap allocation for file names whose lengths are in
the range 512..1023, with the upper bound increasing to at most
4031 depending on the platform's PATH_MAX.  (We do not want
pathmax.h here as it might supply a non-constant PATH_MAX.)
* lib/openat-priv.h (SAFER_ALLOCA_MAX, SAFER_ALLOCA): New macros.
Perhaps they should be moved to malloca.h?
(OPENAT_BUFFER_SIZE): Use them.
---

diff --git a/ChangeLog b/ChangeLog
index a4d5acc84..f8cd3056c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2011-01-11  Paul Eggert  <eggert@cs.ucla.edu>
+
+	openat: Increase OPENAT_BUFFER_SIZE from 512 to at least 1024
+	This avoids heap allocation for file names whose lengths are in
+	the range 512..1023, with the upper bound increasing to at most
+	4031 depending on the platform's PATH_MAX.  (We do not want
+	pathmax.h here as it might supply a non-constant PATH_MAX.)
+	* lib/openat-priv.h (SAFER_ALLOCA_MAX, SAFER_ALLOCA): New macros.
+	Perhaps they should be moved to malloca.h?
+	(OPENAT_BUFFER_SIZE): Use them.
+
 2011-01-10  Bruno Haible  <bruno@clisp.org>
 
 	doc: Update users.txt.
diff --git a/lib/openat-priv.h b/lib/openat-priv.h
index 6cbf63053..948b220c7 100644
--- a/lib/openat-priv.h
+++ b/lib/openat-priv.h
@@ -21,9 +21,29 @@
 #define _GL_HEADER_OPENAT_PRIV
 
 #include <errno.h>
+#include <limits.h>
 #include <stdlib.h>
 
-#define OPENAT_BUFFER_SIZE 512
+/* Maximum number of bytes that it is safe to allocate as a single
+   array on the stack, and that is known as a compile-time constant.
+   The assumption is that we'll touch the array very quickly, or a
+   temporary very near the array, provoking an out-of-memory trap.  On
+   some operating systems, there is only one guard page for the stack,
+   and a page size can be as small as 4096 bytes.  Subtract 64 in the
+   hope that this will let the compiler touch a nearby temporary and
+   provoke a trap.  */
+#define SAFER_ALLOCA_MAX (4096 - 64)
+
+#define SAFER_ALLOCA(m) ((m) < SAFER_ALLOCA_MAX ? (m) : SAFER_ALLOCA_MAX)
+
+#if defined PATH_MAX
+# define OPENAT_BUFFER_SIZE SAFER_ALLOCA (PATH_MAX)
+#elif defined _XOPEN_PATH_MAX
+# define OPENAT_BUFFER_SIZE SAFER_ALLOCA (_XOPEN_PATH_MAX)
+#else
+# define OPENAT_BUFFER_SIZE SAFER_ALLOCA (1024)
+#endif
+
 char *openat_proc_name (char buf[OPENAT_BUFFER_SIZE], int fd, char const *file);
 
 /* Trying to access a BUILD_PROC_NAME file will fail on systems without