Call to alloca in a loop

ID: cpp/alloca-in-loop
Kind: problem
Security severity: 7.5
Severity: warning
Precision: high
Tags:
- reliability
- correctness
- security
- external/cwe/cwe-770
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls
The alloca macro allocates memory by expanding the current stack frame. Invoking alloca within a loop may lead to a stack overflow, because every iteration grows the frame and none of that memory is released until the function returns.
Recommendation

Consider invoking alloca once outside the loop, or using malloc or new to allocate memory on the heap if the allocation must be done inside the loop.
Example

The variable path is allocated inside a loop with alloca. Consequently, storage for all copies of the path is present in the stack frame until the end of the function.

```c
char *dir_path;
char **dir_entries;
int count;
for (int i = 0; i < count; i++) {
    // One stack allocation per iteration; none is released until the function returns.
    char *path = (char *)alloca(strlen(dir_path) + strlen(dir_entries[i]) + 2);
    // use path
}
```
In the revised example, path is allocated with malloc and freed at the end of the loop body, so the memory does not accumulate across iterations.

```c
char *dir_path;
char **dir_entries;
int count;
for (int i = 0; i < count; i++) {
    char *path = (char *)malloc(strlen(dir_path) + strlen(dir_entries[i]) + 2);
    // use path
    free(path);  // released before the next iteration
}
```
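As an added example (not part of the CodeQL documentation), both recommendations are carried through in complete code: alloca called once before the loop with a buffer sized for the longest entry, and malloc/free per iteration. The helper join_path, the sum_path_lengths_* functions and SAMPLE_ENTRIES are assumed names, and the sample input is constructed.

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input: three directory entry names. */
static const char *SAMPLE_ENTRIES[] = {"a.txt", "subdir", "README"};

/* Hypothetical helper: writes "<dir>/<entry>" into buf (capacity cap) and
   returns the resulting length, or -1 if it would not fit. */
static int join_path(char *buf, size_t cap, const char *dir, const char *entry) {
    size_t need = strlen(dir) + 1 + strlen(entry) + 1;  /* '/' plus NUL */
    if (need > cap) return -1;
    snprintf(buf, cap, "%s/%s", dir, entry);
    return (int)(need - 1);
}

/* Option 1: call alloca once, outside the loop, sized for the longest entry,
   and reuse that single buffer on every iteration. */
int sum_path_lengths_alloca_once(const char *dir, const char **entries, int count) {
    size_t max_entry = 0;
    for (int i = 0; i < count; i++)
        if (strlen(entries[i]) > max_entry) max_entry = strlen(entries[i]);
    size_t cap = strlen(dir) + 1 + max_entry + 1;
    char *path = (char *)alloca(cap);  /* one stack allocation for the whole loop */
    int total = 0;
    for (int i = 0; i < count; i++) {
        int len = join_path(path, cap, dir, entries[i]);
        if (len < 0) return -1;
        total += len;
    }
    return total;
}

/* Option 2: allocate on the heap inside the loop and free it at the end of
   each iteration, so nothing accumulates across iterations. */
int sum_path_lengths_malloc(const char *dir, const char **entries, int count) {
    int total = 0;
    for (int i = 0; i < count; i++) {
        size_t cap = strlen(dir) + 1 + strlen(entries[i]) + 1;
        char *path = (char *)malloc(cap);
        if (path == NULL) return -1;
        int len = join_path(path, cap, dir, entries[i]);
        free(path);  /* released before the next iteration */
        if (len < 0) return -1;
        total += len;
    }
    return total;
}
/* Stand-alone check: exit status 0 when both variants agree on the total (32). */
int main(void) { return sum_path_lengths_malloc("/tmp", SAMPLE_ENTRIES, 3) == 32 ? 0 : 1; }
```

Both functions return the summed length of "/tmp/a.txt", "/tmp/subdir" and "/tmp/README" (32) for the constructed input; only the first keeps a single stack buffer alive across the loop.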