[scudo] change allocation buffer size with env var (#71703)

We don't allow SCUDO_OPTIONS to be preserved across SELinux transitions,
so introducing a more constrained one that we can preserve.

Author: fmayer

compiler-rt/lib/scudo/standalone/flags.cpp

@@ -68,6 +68,9 @@ void initFlags() {
   Parser.parseString(getCompileDefinitionScudoDefaultOptions());
   Parser.parseString(getScudoDefaultOptions());
   Parser.parseString(getEnv("SCUDO_OPTIONS"));
+  if (const char *V = getEnv("SCUDO_ALLOCATION_RING_BUFFER_SIZE")) {
+    Parser.parseStringPair("allocation_ring_buffer_size", V);
+  }
 }
 
 } // namespace scudo

compiler-rt/lib/scudo/standalone/flags_parser.cpp

@@ -10,6 +10,7 @@
 #include "common.h"
 #include "report.h"
 
+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -80,7 +81,7 @@ void FlagParser::parseFlag() {
       ++Pos;
     Value = Buffer + ValueStart;
   }
-  if (!runHandler(Name, Value))
+  if (!runHandler(Name, Value, '='))
     reportError("flag parsing failed.");
 }
 
@@ -122,10 +123,16 @@ inline bool parseBool(const char *Value, bool *b) {
   return false;
 }
 
-bool FlagParser::runHandler(const char *Name, const char *Value) {
+void FlagParser::parseStringPair(const char *Name, const char *Value) {
+  if (!runHandler(Name, Value, '\0'))
+    reportError("flag parsing failed.");
+}
+
+bool FlagParser::runHandler(const char *Name, const char *Value,
+                            const char Sep) {
   for (u32 I = 0; I < NumberOfFlags; ++I) {
     const uptr Len = strlen(Flags[I].Name);
-    if (strncmp(Name, Flags[I].Name, Len) != 0 || Name[Len] != '=')
+    if (strncmp(Name, Flags[I].Name, Len) != 0 || Name[Len] != Sep)
       continue;
     bool Ok = false;
     switch (Flags[I].Type) {
@@ -136,8 +143,17 @@ bool FlagParser::runHandler(const char *Name, const char *Value) {
       break;
     case FlagType::FT_int:
       char *ValueEnd;
-      *reinterpret_cast<int *>(Flags[I].Var) =
-          static_cast<int>(strtol(Value, &ValueEnd, 10));
+      long V = strtol(Value, &ValueEnd, 10);
+      static_assert(INT_MAX <= LONG_MAX);
+      static_assert(INT_MIN >= LONG_MIN);
+      // strtol returns LONG_MAX on overflow and LONG_MIN on underflow.
+      // This is why we compare-equal here (and lose INT_MIN and INT_MAX as a
+      // value, but that's okay)
+      if (V >= INT_MAX || V <= INT_MIN) {
+        reportInvalidFlag("int", Value);
+        return false;
+      }
+      *reinterpret_cast<int *>(Flags[I].Var) = static_cast<int>(V);
       Ok =
           *ValueEnd == '"' || *ValueEnd == '\'' || isSeparatorOrNull(*ValueEnd);
       if (!Ok)

compiler-rt/lib/scudo/standalone/flags_parser.h

@@ -27,6 +27,7 @@ class FlagParser {
                     void *Var);
   void parseString(const char *S);
   void printFlagDescriptions();
+  void parseStringPair(const char *Name, const char *Value);
 
 private:
   static const u32 MaxFlags = 20;
@@ -45,7 +46,7 @@ class FlagParser {
   void skipWhitespace();
   void parseFlags();
   void parseFlag();
-  bool runHandler(const char *Name, const char *Value);
+  bool runHandler(const char *Name, const char *Value, char Sep);
 };
 
 void reportUnrecognizedFlags();