Hello, 2015-07-22 5:19 GMT+02:00 Rich Felker <[email protected]>: > On Sun, Jul 19, 2015 at 11:07:13PM +0200, Denys Vlasenko wrote: >> I would rather keep it. >> >> What is the "most horrible" thing which can happen here? > > Arbitrary code execution due to stack overflow. Does this really need > a PoC? alloca is _always_ unsafe unless the argument is bounded and > tiny. > > Rich
I've read alloca is not portable anyways... I'm not an expert, but why not just use plain ol' malloc? Cheers, Xabier Oneca_,,_ _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
