Hi,

	I went through ALLOCA_N use and it seems that the ret val of
	alloca() is never checked...

	Shouldn't we do something like: if (!mem) raise_something()? (I
	know that it is a slowdown, but we can catch few segfaults by
	this...)

		Michal


Index: bignum.c
===================================================================
RCS file: /src/ruby/bignum.c,v
retrieving revision 1.75
diff -u -p -r1.75 bignum.c
--- bignum.c	2002/08/21 15:47:54	1.75
+++ bignum.c	2002/09/03 11:15:50
@@ -504,6 +504,7 @@ rb_str_to_inum(str, base, badcheck)
     len = RSTRING(str)->len;
     if (s[len]) {		/* no sentinel somehow */
 	char *p = ALLOCA_N(char, len+1);
+	if (!p) rb_memerror();
 
 	MEMCPY(p, s, char, len);
 	p[len] = '\0';
Index: dln.c
===================================================================
RCS file: /src/ruby/dln.c,v
retrieving revision 1.38
diff -u -p -r1.38 dln.c
--- dln.c	2002/06/25 09:44:57	1.38
+++ dln.c	2002/09/03 11:15:53
@@ -1241,6 +1241,9 @@ dln_load(file)
 {
 #if !defined(_AIX) && !defined(NeXT)
     const char *error = 0;
+/*
+ * FIXME: What if ALLOCA_N is null?
+ */
 #define DLN_ERROR() (error = dln_strerror(), strcpy(ALLOCA_N(char, strlen(error) + 1), error))
 #endif
 
Index: error.c
===================================================================
RCS file: /src/ruby/error.c,v
retrieving revision 1.49
diff -u -p -r1.49 error.c
--- error.c	2002/09/03 05:20:06	1.49
+++ error.c	2002/09/03 11:15:55
@@ -741,10 +741,13 @@ rb_sys_fail(mesg)
 	volatile VALUE tmp = rb_str_inspect(rb_str_new2(mesg));
 
 	buf = ALLOCA_N(char, strlen(err)+RSTRING(tmp)->len+4);
+	if (!buf) rb_memerror();
+	
 	sprintf(buf, "%s - %s", err, RSTRING(tmp)->ptr);
     }
     else {
 	buf = ALLOCA_N(char, strlen(err)+1);
+	if (!buf) rb_memerror();
 	strcpy(buf, err);
     }
 
Index: eval.c
===================================================================
RCS file: /src/ruby/eval.c,v
retrieving revision 1.323
diff -u -p -r1.323 eval.c
--- eval.c	2002/08/29 09:08:15	1.323
+++ eval.c	2002/09/03 11:16:09
@@ -502,6 +502,8 @@ rb_attr(klass, id, read, write, ex)
 	rb_raise(rb_eArgError, "argument needs to be symbol or string");
     }
     buf = ALLOCA_N(char,strlen(name)+2);
+    if (!buf) rb_memerror();
+    
     sprintf(buf, "@%s", name);
     attriv = rb_intern(buf);
     if (read) {
@@ -1789,6 +1791,7 @@ copy_node_scope(node, rval)
             int i;\
 	    n = anode;\
 	    argv = TMP_ALLOC(argc);\
+	    if (!argv) rb_memerror();\
 	    for (i=0;i<argc;i++) {\
 		argv[i] = rb_eval(self,n->nd_head);\
 		n=n->nd_next;\
@@ -1805,6 +1808,7 @@ copy_node_scope(node, rval)
 	    args = rb_ary_to_ary(args);\
         argc = RARRAY(args)->len;\
 	argv = ALLOCA_N(VALUE, argc);\
+	if (!argv) rb_memerror();\
 	MEMCPY(argv, RARRAY(args)->ptr, VALUE, argc);\
     }\
 } while (0)
@@ -2830,6 +2834,8 @@ rb_eval(self, n)
 	    }
 	    if (node->nd_tbl) {
 		VALUE *vars = ALLOCA_N(VALUE, node->nd_tbl[0]+1);
+		if (!vars) rb_memerror();
+
 		*vars++ = (VALUE)node;
 		ruby_scope->local_vars = vars;
 		rb_mem_clear(ruby_scope->local_vars, node->nd_tbl[0]);
@@ -3449,6 +3455,8 @@ module_setup(module, n)
 
     if (node->nd_tbl) {
 	VALUE *vars = TMP_ALLOC(node->nd_tbl[0]+1);
+	if (!vars) rb_memerror();
+
 	*vars++ = (VALUE)node;
 	ruby_scope->local_vars = vars;
 	rb_mem_clear(ruby_scope->local_vars, node->nd_tbl[0]);
@@ -4391,6 +4399,8 @@ rb_undefined(obj, id, argc, argv, call_s
     }
 
     nargv = ALLOCA_N(VALUE, argc+1);
+    if (!nargv) rb_memerror();
+
     nargv[0] = ID2SYM(id);
     MEMCPY(nargv+1, argv, VALUE, argc);
 
@@ -4586,6 +4596,8 @@ rb_call0(klass, recv, id, oid, argc, arg
 	    }
 	    if (body->nd_tbl) {
 		local_vars = TMP_ALLOC(body->nd_tbl[0]+1);
+		if (!local_vars) rb_memerror();
+
 		*local_vars++ = (VALUE)body;
 		rb_mem_clear(local_vars, body->nd_tbl[0]);
 		ruby_scope->local_tbl = body->nd_tbl;
@@ -4777,6 +4789,8 @@ rb_apply(recv, mid, args)
 
     argc = RARRAY(args)->len; /* Assigns LONG, but argc is INT */
     argv = ALLOCA_N(VALUE, argc);
+    if (!argv) rb_memerror();
+
     MEMCPY(argv, RARRAY(args)->ptr, VALUE, argc);
     return rb_call(CLASS_OF(recv), recv, mid, argc, argv, 1);
 }
@@ -4825,6 +4839,7 @@ rb_funcall(recv, mid, n, va_alist)
 	long i;
 
 	argv = ALLOCA_N(VALUE, n);
+	if (!argv) rb_memerror();
 
 	va_init_list(ar, n);
 	for (i=0;i<n;i++) {
Index: io.c
===================================================================
RCS file: /src/ruby/io.c,v
retrieving revision 1.155
diff -u -p -r1.155 io.c
--- io.c	2002/09/03 05:20:06	1.155
+++ io.c	2002/09/03 11:16:16
@@ -532,6 +532,8 @@ rb_io_inspect(obj)
     if (!fptr->path) return rb_any_to_s(obj);
     cname = rb_class2name(CLASS_OF(obj));
     buf = ALLOCA_N(char, strlen(cname) + strlen(fptr->path) + 5);
+    if (!buf) rb_memerror();
+
     sprintf(buf, "#<%s:%s>", cname, fptr->path);
     return rb_str_new2(buf);
 }
Index: marshal.c
===================================================================
RCS file: /src/ruby/marshal.c,v
retrieving revision 1.67
diff -u -p -r1.67 marshal.c
--- marshal.c	2002/08/29 09:08:16	1.67
+++ marshal.c	2002/09/03 11:16:17
@@ -705,6 +705,7 @@ r_long(arg)
 #define r_bytes2(s, len, arg) do {	\
     (len) = r_long(arg);		\
     (s) = ALLOCA_N(char,(len)+1);	\
+    if ((s) == NULL) rb_memerror();	\
     r_bytes0((s),(len),(arg));		\
 } while (0)
 
Index: object.c
===================================================================
RCS file: /src/ruby/object.c,v
retrieving revision 1.86
diff -u -p -r1.86 object.c
--- object.c	2002/09/03 05:20:06	1.86
+++ object.c	2002/09/03 11:16:19
@@ -1040,6 +1040,8 @@ rb_cstr_to_dbl(p, badcheck)
 	char *buf = ALLOCA_N(char, strlen(p)+1);
 	char *n = buf;
 
+	if (!buf) rb_memerror();
+
 	while (p < end) *n++ = *p++;
 	while (*p) {
 	    if (*p == '_') {
@@ -1085,6 +1087,8 @@ rb_str_to_dbl(str, badcheck)
     len = RSTRING(str)->len;
     if (s[len]) {		/* no sentinel somehow */
 	char *p = ALLOCA_N(char, len+1);
+
+	if (!p) rb_memerror();
 
 	MEMCPY(p, s, char, len);
 	p[len] = '\0';
Index: pack.c
===================================================================
RCS file: /src/ruby/pack.c,v
retrieving revision 1.43
diff -u -p -r1.43 pack.c
--- pack.c	2002/08/28 08:05:23	1.43
+++ pack.c	2002/09/03 11:16:23
@@ -57,10 +57,10 @@ TOKEN_PASTE(swap,x)(z)			\
     unsigned char *s, *t;		\
     int i;				\
 					\
-    zp = (xtype *)malloc(sizeof(xtype));\
+    zp = (xtype *)xmalloc(sizeof(xtype));\
     *zp = z;				\
     s = (char *)zp;			\
-    t = (char *)malloc(sizeof(xtype));	\
+    t = (char *)xmalloc(sizeof(xtype));	\
     for (i=0; i<sizeof(xtype); i++) {	\
 	t[sizeof(xtype)-i-1] = s[i];	\
     }					\
Index: parse.y
===================================================================
RCS file: /src/ruby/parse.y,v
retrieving revision 1.207
diff -u -p -r1.207 parse.y
--- parse.y	2002/09/02 12:19:30	1.207
+++ parse.y	2002/09/03 11:16:30
@@ -2308,6 +2308,8 @@ yyerror(msg)
     len = pe - p;
     if (len > 4) {
 	buf = ALLOCA_N(char, len+2);
+	if (!buf) rb_memerror();
+
 	MEMCPY(buf, p, char, len);
 	buf[len] = '\0';
 	rb_compile_error_append("%s", buf);
@@ -5492,6 +5494,8 @@ rb_intern(name)
 	    /* attribute assignment */
 	    char *buf = ALLOCA_N(char,last+1);
 
+	    if (!buf) rb_memerror();
+
 	    strncpy(buf, name, last);
 	    buf[last] = '\0';
 	    id = rb_intern(buf);
@@ -5546,6 +5550,8 @@ rb_id2name(id)
 	name = rb_id2name(id2);
 	if (name) {
 	    char *buf = ALLOCA_N(char, strlen(name)+2);
+
+	    if (!buf) rb_memerror();
 
 	    strcpy(buf, name);
 	    strcat(buf, "=");
Index: process.c
===================================================================
RCS file: /src/ruby/process.c,v
retrieving revision 1.55
diff -u -p -r1.55 process.c
--- process.c	2002/08/28 08:05:23	1.55
+++ process.c	2002/09/03 11:16:34
@@ -471,9 +471,15 @@ proc_exec_v(argv, prog)
 	    for (n = 0; argv[n]; n++)
 		/* no-op */;
 	    new_argv = ALLOCA_N(char*, n + 2);
-	    for (; n > 0; n--)
+	    if (!new_argv) rb_memerror();
+	    
+	    for (; n > 0; n--) {
 		new_argv[n + 1] = argv[n];
-	    new_argv[1] = strcpy(ALLOCA_N(char, strlen(argv[0]) + 1), argv[0]);
+	    }
+	    new_argv[1] = ALLOCA_N(char, strlen(argv[0]) + 1);
+	    if (!new_argv[1]) rb_memerror();
+	    
+	    strcpy(new_argv[1], argv[0]);
 	    for (p = new_argv[1]; *p != '\0'; p++)
 		if (*p == '/')
 		    *p = '\\';
@@ -507,6 +513,8 @@ proc_exec_n(argc, argv, progv)
 	prog = RSTRING(progv)->ptr;
     }
     args = ALLOCA_N(char*, argc+1);
+    if (!args) rb_memerror();
+
     for (i=0; i<argc; i++) {
 	SafeStringValue(argv[i]);
 	args[i] = RSTRING(argv[i])->ptr;
@@ -560,7 +568,11 @@ rb_proc_exec(str)
 	}
     }
     a = argv = ALLOCA_N(char*, (s-str)/2+2);
+    if (!a) rb_memerror();
+    
     ss = ALLOCA_N(char, s-str+1);
+    if (!ss) rb_memerror();
+
     strcpy(ss, str);
     if (*a++ = strtok(ss, " \t")) {
 	while (t = strtok(NULL, " \t")) {
@@ -602,9 +614,15 @@ proc_spawn_v(argv, prog)
 	for (n = 0; argv[n]; n++)
 	    /* no-op */;
 	new_argv = ALLOCA_N(char*, n + 2);
-	for (; n > 0; n--)
+	if (!new_argv) rb_memerror();
+	
+	for (; n > 0; n--) {
 	    new_argv[n + 1] = argv[n];
-	new_argv[1] = strcpy(ALLOCA_N(char, strlen(argv[0]) + 1), argv[0]);
+	}
+	new_argv[1] = ALLOCA_N(char, strlen(argv[0]) + 1);
+	if (!new_argv[1]) rb_memerror();
+	
+	strcpy(new_argv[1], argv[0]);
 	for (p = new_argv[1]; *p != '\0'; p++)
 	    if (*p == '/')
 		*p = '\\';
@@ -632,6 +650,8 @@ proc_spawn_n(argc, argv, prog)
     int i;
 
     args = ALLOCA_N(char*, argc + 1);
+    if (!args) rb_memerror();
+
     for (i = 0; i < argc; i++) {
 	SafeStr(argv[i]);
 	args[i] = RSTRING(argv[i])->ptr;
@@ -664,7 +684,11 @@ proc_spawn(sv)
 	}
     }
     a = argv = ALLOCA_N(char*, (s - str) / 2 + 2);
+    if (!a) rb_memerror();
+    
     s = ALLOCA_N(char, s - str + 1);
+    if (!s) rb_memerror();
+
     strcpy(s, str);
     if (*a++ = strtok(s, " \t")) {
 	while (t = strtok(NULL, " \t"))
Index: random.c
===================================================================
RCS file: /src/ruby/random.c,v
retrieving revision 1.24
diff -u -p -r1.24 random.c
--- random.c	2002/08/21 15:47:54	1.24
+++ random.c	2002/09/03 11:16:34
@@ -228,6 +228,8 @@ rb_f_rand(argc, argv, obj)
 	    long len = RBIGNUM(vmax)->len;
 	    double *buf = ALLOCA_N(double, len);
 
+	    if (!buf) rb_memerror();
+
 	    while (len--) {
 		buf[len] = genrand_real();
 	    }
Index: ruby.c
===================================================================
RCS file: /src/ruby/ruby.c,v
retrieving revision 1.66
diff -u -p -r1.66 ruby.c
--- ruby.c	2002/09/02 12:19:30	1.66
+++ ruby.c	2002/09/03 11:16:35
@@ -385,6 +385,8 @@ moreswitches(s)
     while (*s && !ISSPACE(*s))
 	s++;
     argv[1] = ALLOCA_N(char, s-p+2);
+    if (!argv[1]) rb_memerror();
+
     argv[1][0] = '-';
     strncpy(argv[1]+1, p, s-p);
     argv[1][s-p+1] = '\0';
@@ -816,6 +818,8 @@ load_file(fname, script)
 		    *p++ = '\0';
 		    if (p < pend) {
 			argv = ALLOCA_N(char*, origargc+3);
+			if (!argv) rb_memerror();
+
 			argv[1] = p;
 			MEMCPY(argv+2, origargv+1, char*, origargc);
 		    }
Index: string.c
===================================================================
RCS file: /src/ruby/string.c,v
retrieving revision 1.117
diff -u -p -r1.117 string.c
--- string.c	2002/09/03 05:20:06	1.117
+++ string.c	2002/09/03 11:16:40
@@ -387,12 +387,16 @@ rb_str_format(str, arg)
 
     if (TYPE(arg) == T_ARRAY) {
 	argv = ALLOCA_N(VALUE, RARRAY(arg)->len + 1);
+	if (!argv) rb_memerror();
+
 	argv[0] = str;
 	MEMCPY(argv+1, RARRAY(arg)->ptr, VALUE, RARRAY(arg)->len);
 	return rb_f_sprintf(RARRAY(arg)->len+1, argv);
     }
     
     argv = ALLOCA_N(VALUE, 2);
+    if (!argv) rb_memerror();
+
     argv[0] = str;
     argv[1] = arg;
     return rb_f_sprintf(2, argv);
Index: struct.c
===================================================================
RCS file: /src/ruby/struct.c,v
retrieving revision 1.37
diff -u -p -r1.37 struct.c
--- struct.c	2002/09/03 05:20:06	1.37
+++ struct.c	2002/09/03 11:16:41
@@ -312,6 +312,8 @@ rb_struct_new(klass, va_alist)
     sz = rb_struct_iv_get(klass, "__size__");
     size = FIX2LONG(sz); 
     mem = ALLOCA_N(VALUE, size);
+    if (!mem) rb_memerror();
+
     va_init_list(args, klass);
     for (i=0; i<size; i++) {
 	mem[i] = va_arg(args, VALUE);
Index: variable.c
===================================================================
RCS file: /src/ruby/variable.c,v
retrieving revision 1.68
diff -u -p -r1.68 variable.c
--- variable.c	2002/09/03 05:20:07	1.68
+++ variable.c	2002/09/03 11:16:45
@@ -471,6 +471,9 @@ global_id(name)
     if (name[0] == '$') id = rb_intern(name);
     else {
 	char *buf = ALLOCA_N(char, strlen(name)+2);
+
+	if (!buf) rb_memerror();
+
 	buf[0] = '$';
 	strcpy(buf+1, name);
 	id = rb_intern(buf);

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michal Rokos                         Czech Technical University, Prague
E-mail:m.rokos / sh.cvut.cz      ICQ:36118339      Jabber:majkl / jabber.cz
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-