On 07/23/2016 04:33 AM, Aldy Hernandez wrote:
Hi guys!
I'm looking at libiberty's use of alloca() and trying to place some
bounded checks at alloca() call points.
Silly question, do we have any users of regex.c with REGEX_MALLOC set? I
don't see any #define for REGEX_MALLOC anywhere in binutils or gcc, and
it doesn't look like autoconf magic being set elsewhere.
I'm pretty sure that's long long gone.
regex came from glibc back in 2001. The REGEX_MALLOC bits were removed
from glibc by Uli in 2002.
I'll pre-approve removing those bits. Alternately, you could look to
resync with glibc, though that could prove painful after 15 years of
divergence.
Another silly question, who are libiberty's consumers? GCC and
binutils/gdb? Or should I be looking at additional packages for answers?
Packages which have libiberty included are supposed to put this in their
spec file for Fedora:
Provides: bundled(libiberty)
Presumably there's way to query RPM for that tag. You might ask Red
Hat's security folks since I believe they pushed for that change to
allow them to easily find bundled bits for security fixes/updates.
That ought to give you a sense of who's using libiberty.
Jeff
