https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88088
--- Comment #18 from Segher Boessenkool <segher at gcc dot gnu.org> --- Your "trivial rewrite" does not work at all (you didn't modify "h"). It isn't trivial to avoid this warning at all, which was half of my point. The other half is that we should not warn that the normal use of a GCC C extension would be "bad" or a "security problem" when it is neither. Yes, marking the whole stack executable for the whole lifetime of a process when something in your program may use a trampoline is less than optimal, may make some exploits easier to pull off. But that is all. Making -Wall complain about it in all cases will only result in more people not using nested functions, although those are a useful C language extension (and required for some other languages, so GCC has to implement it *anyway*), while not actually giving them any more security. Nested functions are not insecure. Trampolines are not insecure. Executable trampolines are not insecure. Executable trampolines on the stack are not insecure. Executable *everything* on the stack is not insecure, on many architectures. The only thing is that having the whole stack executable makes it easier to exploit other problems, on other architectures.
