supervisor: Don't use alloca() in gc_blob_cache_dir()'s loop

Fixes CodeQL's cpp/alloca-in-loop alert #3.
rbalint · May 14, 2023 · 08f5d50 · 08f5d50
1 parent 1d5ab07
commit 08f5d50
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/firebuild/blob_cache.cc b/src/firebuild/blob_cache.cc
@@ -445,9 +445,11 @@ void BlobCache::gc_blob_cache_dir(const std::string& path,
           if ((debug_postfix = strstr(name, kDebugPostfix))) {
             /* Files for debugging blobs.*/
             if (FB_DEBUGGING(FB_DEBUG_CACHE)) {
-              char* related_name = reinterpret_cast<char*>(alloca(debug_postfix - name + 1));
-              memcpy(related_name, name, debug_postfix - name);
-              related_name[debug_postfix - name] = '\0';
+              const size_t name_len = debug_postfix - name;
+              assert_cmp(name_len, <, FB_PATH_BUFSIZE);
+              char related_name[FB_PATH_BUFSIZE];
+              memcpy(related_name, name, name_len);
+              related_name[name_len] = '\0';
               struct stat st;
               if (fstatat(dirfd(dir), related_name, &st, 0) == 0) {
                 /* Keeping debugging file that has related blob. If the object gets removed