On 5/1/23 19:27, Paul Eggert wrote:
> * Do not use llistxattr (name, NULL, 0). Instead, invoke llistxattr on a
> small (say, 3 KiB) buffer on the stack. Use malloc only if llistxattr
> returns ERANGE, and keep expanding this buffer (via free-then-malloc,
> not realloc, since you don't need to save the old storage) while
> llistxattr returns ERANGE. Check for integer overflow when multiplying
> the buffer size by 1.5, by using ckd_add. Use 'free' at the end only if
> we used 'malloc'.
On second thought, since llistxattr (name, NULL, 0) gives us a good
hint, perhaps it'd be better to do the following:
Invoke llistxattr on a small (say, 3 KiB) buffer on the stack. If this
fails with ERANGE, use llistxattr (name, NULL, 0) to estimate the size
and then use malloc+llistxattr with that size, repeating as long as
llistxattr fails with ERANGE.