From b640697b1f83a958eb70858b96f3bb56858c2966 Mon Sep 17 00:00:00 2001
From: Balint Reczey
Date: Sun, 14 May 2023 16:18:00 +0200
Subject: [PATCH] supervisor: Don't use alloca() in gc_blob_cache_dir()'s loop

Fixes CodeQL's cpp/alloca-in-loop alert #3.
---
 src/firebuild/blob_cache.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/firebuild/blob_cache.cc b/src/firebuild/blob_cache.cc
index fe658e605..c1b513092 100644
--- a/src/firebuild/blob_cache.cc
+++ b/src/firebuild/blob_cache.cc
@@ -445,9 +445,11 @@ void BlobCache::gc_blob_cache_dir(const std::string& path,
 if ((debug_postfix = strstr(name, kDebugPostfix))) {
 /* Files for debugging blobs.*/
 if (FB_DEBUGGING(FB_DEBUG_CACHE)) {
- char* related_name = reinterpret_cast(alloca(debug_postfix - name + 1));
- memcpy(related_name, name, debug_postfix - name);
- related_name[debug_postfix - name] = '\0';
+ const size_t name_len = debug_postfix - name;
+ assert_cmp(name_len, <, FB_PATH_BUFSIZE);
+ char related_name[FB_PATH_BUFSIZE];
+ memcpy(related_name, name, name_len);
+ related_name[name_len] = '\0';
 struct stat st;
 if (fstatat(dirfd(dir), related_name, &st, 0) == 0) {
 /* Keeping debugging file that has related blob. If the object gets removed
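Review bot: The added `assert_cmp(name_len, <, FB_PATH_BUFSIZE)` is the only guard between the `memcpy` and the end of the new fixed `char related_name[FB_PATH_BUFSIZE]` buffer; if `assert_cmp` is compiled out in non-debug builds (its definition is not visible in this hunk), the copy and the `related_name[name_len] = '\0'` write become unbounded for a long directory entry name, which is a worse failure mode than the alloca the commit removes. This block only runs under `FB_DEBUGGING(FB_DEBUG_CACHE)`, so an owning string costs nothing that matters and removes both the fixed-size buffer and the length assumption: `const std::string related_name(name, debug_postfix - name);` followed by `fstatat(dirfd(dir), related_name.c_str(), &st, 0)`. If the stack buffer is kept instead, replace the assertion with an unconditional check such as `if (name_len >= sizeof(related_name)) { /* treat as unrelated */ }` so the bound holds in every build configuration. The enclosing gc_blob_cache_dir() body begins and ends outside the hunk.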