On 5/1/23 19:27, Paul Eggert wrote:
* Do not use llistxattr (name, NULL, 0). Instead, invoke llistxattr on a small (say, 3 KiB) buffer on the stack. Use malloc only if llistxattr returns ERANGE, and keep expanding this buffer (via free-then-malloc, not realloc, since you don't need to save the old storage) while llistxattr returns ERANGE. Check for integer overflow when multiplying the buffer size by 1.5, by using ckd_add. Use 'free' at the end only if we used 'malloc'.
On second thought, since llistxattr (name, NULL, 0) gives us a good hint, perhaps it'd be better to do the following:
Invoke llistxattr on a small (say, 3 KiB) buffer on the stack. If this fails with ERANGE, use llistxattr (name, NULL, 0) to estimate the size and then use malloc+llistxattr with that size, repeating as long as llistxattr fails with ERANGE.
