Hi, I went through ALLOCA_N use and it seems that the ret val of alloca() is never checked... Shouldn't we do something like: if (!mem) raise_something()? (I know that it is a slowdown, but we can catch few segfaults by this...) Michal Index: bignum.c =================================================================== RCS file: /src/ruby/bignum.c,v retrieving revision 1.75 diff -u -p -r1.75 bignum.c --- bignum.c 2002/08/21 15:47:54 1.75 +++ bignum.c 2002/09/03 11:15:50 @@ -504,6 +504,7 @@ rb_str_to_inum(str, base, badcheck) len = RSTRING(str)->len; if (s[len]) { /* no sentinel somehow */ char *p = ALLOCA_N(char, len+1); + if (!p) rb_memerror(); MEMCPY(p, s, char, len); p[len] = '\0'; Index: dln.c =================================================================== RCS file: /src/ruby/dln.c,v retrieving revision 1.38 diff -u -p -r1.38 dln.c --- dln.c 2002/06/25 09:44:57 1.38 +++ dln.c 2002/09/03 11:15:53 @@ -1241,6 +1241,9 @@ dln_load(file) { #if !defined(_AIX) && !defined(NeXT) const char *error = 0; +/* + * FIXME: What if ALLOCA_N is null? + */ #define DLN_ERROR() (error = dln_strerror(), strcpy(ALLOCA_N(char, strlen(error) + 1), error)) #endif Index: error.c =================================================================== RCS file: /src/ruby/error.c,v retrieving revision 1.49 diff -u -p -r1.49 error.c --- error.c 2002/09/03 05:20:06 1.49 +++ error.c 2002/09/03 11:15:55 @@ -741,10 +741,13 @@ rb_sys_fail(mesg) volatile VALUE tmp = rb_str_inspect(rb_str_new2(mesg)); buf = ALLOCA_N(char, strlen(err)+RSTRING(tmp)->len+4); + if (!buf) rb_memerror(); + sprintf(buf, "%s - %s", err, RSTRING(tmp)->ptr); } else { buf = ALLOCA_N(char, strlen(err)+1); + if (!buf) rb_memerror(); strcpy(buf, err); } Index: eval.c =================================================================== RCS file: /src/ruby/eval.c,v retrieving revision 1.323 diff -u -p -r1.323 eval.c --- eval.c 2002/08/29 09:08:15 1.323 +++ eval.c 2002/09/03 11:16:09 @@ -502,6 +502,8 @@ rb_attr(klass, id, read, write, ex) rb_raise(rb_eArgError, "argument needs to be symbol or string"); } buf = ALLOCA_N(char,strlen(name)+2); + if (!buf) rb_memerror(); + sprintf(buf, "@%s", name); attriv = rb_intern(buf); if (read) { @@ -1789,6 +1791,7 @@ copy_node_scope(node, rval) int i;\ n = anode;\ argv = TMP_ALLOC(argc);\ + if (!argv) rb_memerror();\ for (i=0;i<argc;i++) {\ argv[i] = rb_eval(self,n->nd_head);\ n=n->nd_next;\ @@ -1805,6 +1808,7 @@ copy_node_scope(node, rval) args = rb_ary_to_ary(args);\ argc = RARRAY(args)->len;\ argv = ALLOCA_N(VALUE, argc);\ + if (!argv) rb_memerror();\ MEMCPY(argv, RARRAY(args)->ptr, VALUE, argc);\ }\ } while (0) @@ -2830,6 +2834,8 @@ rb_eval(self, n) } if (node->nd_tbl) { VALUE *vars = ALLOCA_N(VALUE, node->nd_tbl[0]+1); + if (!vars) rb_memerror(); + *vars++ = (VALUE)node; ruby_scope->local_vars = vars; rb_mem_clear(ruby_scope->local_vars, node->nd_tbl[0]); @@ -3449,6 +3455,8 @@ module_setup(module, n) if (node->nd_tbl) { VALUE *vars = TMP_ALLOC(node->nd_tbl[0]+1); + if (!vars) rb_memerror(); + *vars++ = (VALUE)node; ruby_scope->local_vars = vars; rb_mem_clear(ruby_scope->local_vars, node->nd_tbl[0]); @@ -4391,6 +4399,8 @@ rb_undefined(obj, id, argc, argv, call_s } nargv = ALLOCA_N(VALUE, argc+1); + if (!nargv) rb_memerror(); + nargv[0] = ID2SYM(id); MEMCPY(nargv+1, argv, VALUE, argc); @@ -4586,6 +4596,8 @@ rb_call0(klass, recv, id, oid, argc, arg } if (body->nd_tbl) { local_vars = TMP_ALLOC(body->nd_tbl[0]+1); + if (!local_vars) rb_memerror(); + *local_vars++ = (VALUE)body; rb_mem_clear(local_vars, body->nd_tbl[0]); ruby_scope->local_tbl = body->nd_tbl; @@ -4777,6 +4789,8 @@ rb_apply(recv, mid, args) argc = RARRAY(args)->len; /* Assigns LONG, but argc is INT */ argv = ALLOCA_N(VALUE, argc); + if (!argv) rb_memerror(); + MEMCPY(argv, RARRAY(args)->ptr, VALUE, argc); return rb_call(CLASS_OF(recv), recv, mid, argc, argv, 1); } @@ -4825,6 +4839,7 @@ rb_funcall(recv, mid, n, va_alist) long i; argv = ALLOCA_N(VALUE, n); + if (!argv) rb_memerror(); va_init_list(ar, n); for (i=0;i<n;i++) { Index: io.c =================================================================== RCS file: /src/ruby/io.c,v retrieving revision 1.155 diff -u -p -r1.155 io.c --- io.c 2002/09/03 05:20:06 1.155 +++ io.c 2002/09/03 11:16:16 @@ -532,6 +532,8 @@ rb_io_inspect(obj) if (!fptr->path) return rb_any_to_s(obj); cname = rb_class2name(CLASS_OF(obj)); buf = ALLOCA_N(char, strlen(cname) + strlen(fptr->path) + 5); + if (!buf) rb_memerror(); + sprintf(buf, "#<%s:%s>", cname, fptr->path); return rb_str_new2(buf); } Index: marshal.c =================================================================== RCS file: /src/ruby/marshal.c,v retrieving revision 1.67 diff -u -p -r1.67 marshal.c --- marshal.c 2002/08/29 09:08:16 1.67 +++ marshal.c 2002/09/03 11:16:17 @@ -705,6 +705,7 @@ r_long(arg) #define r_bytes2(s, len, arg) do { \ (len) = r_long(arg); \ (s) = ALLOCA_N(char,(len)+1); \ + if ((s) == NULL) rb_memerror(); \ r_bytes0((s),(len),(arg)); \ } while (0) Index: object.c =================================================================== RCS file: /src/ruby/object.c,v retrieving revision 1.86 diff -u -p -r1.86 object.c --- object.c 2002/09/03 05:20:06 1.86 +++ object.c 2002/09/03 11:16:19 @@ -1040,6 +1040,8 @@ rb_cstr_to_dbl(p, badcheck) char *buf = ALLOCA_N(char, strlen(p)+1); char *n = buf; + if (!buf) rb_memerror(); + while (p < end) *n++ = *p++; while (*p) { if (*p == '_') { @@ -1085,6 +1087,8 @@ rb_str_to_dbl(str, badcheck) len = RSTRING(str)->len; if (s[len]) { /* no sentinel somehow */ char *p = ALLOCA_N(char, len+1); + + if (!p) rb_memerror(); MEMCPY(p, s, char, len); p[len] = '\0'; Index: pack.c =================================================================== RCS file: /src/ruby/pack.c,v retrieving revision 1.43 diff -u -p -r1.43 pack.c --- pack.c 2002/08/28 08:05:23 1.43 +++ pack.c 2002/09/03 11:16:23 @@ -57,10 +57,10 @@ TOKEN_PASTE(swap,x)(z) \ unsigned char *s, *t; \ int i; \ \ - zp = (xtype *)malloc(sizeof(xtype));\ + zp = (xtype *)xmalloc(sizeof(xtype));\ *zp = z; \ s = (char *)zp; \ - t = (char *)malloc(sizeof(xtype)); \ + t = (char *)xmalloc(sizeof(xtype)); \ for (i=0; i<sizeof(xtype); i++) { \ t[sizeof(xtype)-i-1] = s[i]; \ } \ Index: parse.y =================================================================== RCS file: /src/ruby/parse.y,v retrieving revision 1.207 diff -u -p -r1.207 parse.y --- parse.y 2002/09/02 12:19:30 1.207 +++ parse.y 2002/09/03 11:16:30 @@ -2308,6 +2308,8 @@ yyerror(msg) len = pe - p; if (len > 4) { buf = ALLOCA_N(char, len+2); + if (!buf) rb_memerror(); + MEMCPY(buf, p, char, len); buf[len] = '\0'; rb_compile_error_append("%s", buf); @@ -5492,6 +5494,8 @@ rb_intern(name) /* attribute assignment */ char *buf = ALLOCA_N(char,last+1); + if (!buf) rb_memerror(); + strncpy(buf, name, last); buf[last] = '\0'; id = rb_intern(buf); @@ -5546,6 +5550,8 @@ rb_id2name(id) name = rb_id2name(id2); if (name) { char *buf = ALLOCA_N(char, strlen(name)+2); + + if (!buf) rb_memerror(); strcpy(buf, name); strcat(buf, "="); Index: process.c =================================================================== RCS file: /src/ruby/process.c,v retrieving revision 1.55 diff -u -p -r1.55 process.c --- process.c 2002/08/28 08:05:23 1.55 +++ process.c 2002/09/03 11:16:34 @@ -471,9 +471,15 @@ proc_exec_v(argv, prog) for (n = 0; argv[n]; n++) /* no-op */; new_argv = ALLOCA_N(char*, n + 2); - for (; n > 0; n--) + if (!new_argv) rb_memerror(); + + for (; n > 0; n--) { new_argv[n + 1] = argv[n]; - new_argv[1] = strcpy(ALLOCA_N(char, strlen(argv[0]) + 1), argv[0]); + } + new_argv[1] = ALLOCA_N(char, strlen(argv[0]) + 1); + if (!new_argv[1]) rb_memerror(); + + strcpy(new_argv[1], argv[0]); for (p = new_argv[1]; *p != '\0'; p++) if (*p == '/') *p = '\\'; @@ -507,6 +513,8 @@ proc_exec_n(argc, argv, progv) prog = RSTRING(progv)->ptr; } args = ALLOCA_N(char*, argc+1); + if (!args) rb_memerror(); + for (i=0; i<argc; i++) { SafeStringValue(argv[i]); args[i] = RSTRING(argv[i])->ptr; @@ -560,7 +568,11 @@ rb_proc_exec(str) } } a = argv = ALLOCA_N(char*, (s-str)/2+2); + if (!a) rb_memerror(); + ss = ALLOCA_N(char, s-str+1); + if (!ss) rb_memerror(); + strcpy(ss, str); if (*a++ = strtok(ss, " \t")) { while (t = strtok(NULL, " \t")) { @@ -602,9 +614,15 @@ proc_spawn_v(argv, prog) for (n = 0; argv[n]; n++) /* no-op */; new_argv = ALLOCA_N(char*, n + 2); - for (; n > 0; n--) + if (!new_argv) rb_memerror(); + + for (; n > 0; n--) { new_argv[n + 1] = argv[n]; - new_argv[1] = strcpy(ALLOCA_N(char, strlen(argv[0]) + 1), argv[0]); + } + new_argv[1] = ALLOCA_N(char, strlen(argv[0]) + 1); + if (!new_argv[1]) rb_memerror(); + + strcpy(new_argv[1], argv[0]); for (p = new_argv[1]; *p != '\0'; p++) if (*p == '/') *p = '\\'; @@ -632,6 +650,8 @@ proc_spawn_n(argc, argv, prog) int i; args = ALLOCA_N(char*, argc + 1); + if (!args) rb_memerror(); + for (i = 0; i < argc; i++) { SafeStr(argv[i]); args[i] = RSTRING(argv[i])->ptr; @@ -664,7 +684,11 @@ proc_spawn(sv) } } a = argv = ALLOCA_N(char*, (s - str) / 2 + 2); + if (!a) rb_memerror(); + s = ALLOCA_N(char, s - str + 1); + if (!s) rb_memerror(); + strcpy(s, str); if (*a++ = strtok(s, " \t")) { while (t = strtok(NULL, " \t")) Index: random.c =================================================================== RCS file: /src/ruby/random.c,v retrieving revision 1.24 diff -u -p -r1.24 random.c --- random.c 2002/08/21 15:47:54 1.24 +++ random.c 2002/09/03 11:16:34 @@ -228,6 +228,8 @@ rb_f_rand(argc, argv, obj) long len = RBIGNUM(vmax)->len; double *buf = ALLOCA_N(double, len); + if (!buf) rb_memerror(); + while (len--) { buf[len] = genrand_real(); } Index: ruby.c =================================================================== RCS file: /src/ruby/ruby.c,v retrieving revision 1.66 diff -u -p -r1.66 ruby.c --- ruby.c 2002/09/02 12:19:30 1.66 +++ ruby.c 2002/09/03 11:16:35 @@ -385,6 +385,8 @@ moreswitches(s) while (*s && !ISSPACE(*s)) s++; argv[1] = ALLOCA_N(char, s-p+2); + if (!argv[1]) rb_memerror(); + argv[1][0] = '-'; strncpy(argv[1]+1, p, s-p); argv[1][s-p+1] = '\0'; @@ -816,6 +818,8 @@ load_file(fname, script) *p++ = '\0'; if (p < pend) { argv = ALLOCA_N(char*, origargc+3); + if (!argv) rb_memerror(); + argv[1] = p; MEMCPY(argv+2, origargv+1, char*, origargc); } Index: string.c =================================================================== RCS file: /src/ruby/string.c,v retrieving revision 1.117 diff -u -p -r1.117 string.c --- string.c 2002/09/03 05:20:06 1.117 +++ string.c 2002/09/03 11:16:40 @@ -387,12 +387,16 @@ rb_str_format(str, arg) if (TYPE(arg) == T_ARRAY) { argv = ALLOCA_N(VALUE, RARRAY(arg)->len + 1); + if (!argv) rb_memerror(); + argv[0] = str; MEMCPY(argv+1, RARRAY(arg)->ptr, VALUE, RARRAY(arg)->len); return rb_f_sprintf(RARRAY(arg)->len+1, argv); } argv = ALLOCA_N(VALUE, 2); + if (!argv) rb_memerror(); + argv[0] = str; argv[1] = arg; return rb_f_sprintf(2, argv); Index: struct.c =================================================================== RCS file: /src/ruby/struct.c,v retrieving revision 1.37 diff -u -p -r1.37 struct.c --- struct.c 2002/09/03 05:20:06 1.37 +++ struct.c 2002/09/03 11:16:41 @@ -312,6 +312,8 @@ rb_struct_new(klass, va_alist) sz = rb_struct_iv_get(klass, "__size__"); size = FIX2LONG(sz); mem = ALLOCA_N(VALUE, size); + if (!mem) rb_memerror(); + va_init_list(args, klass); for (i=0; i<size; i++) { mem[i] = va_arg(args, VALUE); Index: variable.c =================================================================== RCS file: /src/ruby/variable.c,v retrieving revision 1.68 diff -u -p -r1.68 variable.c --- variable.c 2002/09/03 05:20:07 1.68 +++ variable.c 2002/09/03 11:16:45 @@ -471,6 +471,9 @@ global_id(name) if (name[0] == '$') id = rb_intern(name); else { char *buf = ALLOCA_N(char, strlen(name)+2); + + if (!buf) rb_memerror(); + buf[0] = '$'; strcpy(buf+1, name); id = rb_intern(buf); -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Michal Rokos Czech Technical University, Prague E-mail:m.rokos / sh.cvut.cz ICQ:36118339 Jabber:majkl / jabber.cz -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-