<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>
<blockquote type="cite">I'd strongly advise to avoid it in
general.</blockquote>
For general purpose code I would agree, but for realtime safe code
we want to avoid dynamic memory allocation and careful use of
alloca() is perfectly fine. But there are caveats.<br>
</p>
<p>In fact, we had a crasher in FFT objects which used temporary
buffers on the stack. Users tried to do a 100 000 point FFT and it
would crash on Windows. There are at least threee ways to solve
this problem:</p>
<p>a) conditionally switch to malloc() beyond a certain size (don't
forget to free the buffer :-)</p>
<p>b) use a pre-allocated buffer in the object</p>
<p>c) use thread local storage<br>
</p>
<p>
<blockquote type="cite">In fact, the next time I get on a Windows
machine I bet I can create a trivial Pd patch to blow the stack
using only `[list prepend]` and `[list fromsymbol]`.</blockquote>
To elaborate: The limit for ATOM_ALLOCA is 100 and the stack limit
is 1000. On a 64-bit system, t_atom takes 16 bytes (including
padding). This means we could have up to 1,600,000 bytes on the
stack before Pd's stack protection kicks in. The default stack
size on Windows is 1 MB, so it would blow up.<br>
</p>
<p>Christof<br>
</p>
<div class="moz-cite-prefix">On 04.12.2020 07:30, Jonathan Wilkes
via Pd-dev wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2113505231.2760251.1607063420070@mail.yahoo.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div class="yahoo-style-wrap" style="font-family:Helvetica Neue,
Helvetica, Arial, sans-serif;font-size:13px;">
<div id="ydp5803716byahoo_quoted_7814417716"
class="ydp5803716byahoo_quoted">> You can avoid the free()
if you HAVE_ALLOCA with
<div style="font-family:'Helvetica Neue', Helvetica, Arial,
sans-serif;font-size:13px;color:#26282a;">
<div>
<div id="ydp5803716byiv2019423405">
<div>
<div dir="ltr">
<div class="ydp5803716byiv2019423405gmail_quote"
dir="ltr" data-setdir="false">
<div><br clear="none">
</div>
<div>
<div>> t_atom* at = (t_atom*)alloca(ac
* sizeof(t_atom));</div>
</div>
<div><br>
</div>
<div dir="ltr" data-setdir="false">If the user can
control ac, then you have likely introduced a
potential crasher just to avoid a call to free.</div>
<div><br>
</div>
<div dir="ltr" data-setdir="false">Systemd had a
cve from using alloca awhile back. Pd recently
fixed a crasher due to alloca. In neither case
was alloca necessary.</div>
<div dir="ltr" data-setdir="false"><br>
</div>
<div dir="ltr" data-setdir="false">I'd strongly
advise to avoid it in general.<br>
</div>
<div dir="ltr" data-setdir="false"><br>
</div>
<div dir="ltr" data-setdir="false">In fact, the
next time I get on a Windows machine I bet I can
create a trivial Pd patch to blow the stack
using only `[list prepend]` and `[list
fromsymbol]`. If so it will be 100% due to
alloca, and an ostensibly defensive use of it at
that. (Have a look at the code for the
ATOMS_ALLOCA macro if someone wants to beat me
to it.)<br>
</div>
<div dir="ltr" data-setdir="false"><br>
</div>
<div dir="ltr" data-setdir="false">Best,<br>
</div>
<div dir="ltr" data-setdir="false">Jonathan<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Pd-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pd-dev@lists.iem.at">Pd-dev@lists.iem.at</a>
<a class="moz-txt-link-freetext" href="https://lists.puredata.info/listinfo/pd-dev">https://lists.puredata.info/listinfo/pd-dev</a>
</pre>
</blockquote>
</body>
</html>