On 08/04/2016 01:21 PM, Pedro Alves wrote:
> On 08/04/2016 08:16 PM, Jeff Law wrote:
>> On 08/04/2016 01:06 PM, Pedro Alves wrote:
>>> How wedded are we to alloca?
>> I would think only in the sense of existing codebase usage.
>>
>> Based on how often alloca usage has resulted in a security vulnerability
>> it's clear we as developers can't use it correctly on a consistent
>> basis, thus I'd like to abolish it :-)  I'll settle for warning folks
>> when they use it incorrectly though.
>
> Most allocas I've seen in my life were written to simply build
> strings at run time, while lazily avoiding to think about writing
> a "free" call, rather than having been written for optimizing
> some fast path, or for async-signal safe reasons.
Right -- the problem is if those strings are potentially under user control or the bad guys can arrange to overflow a size computation feeding an alloca, then this stuff becomes a huge gaping security hole. We've seen this repeatedly within glibc.

Jeff
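
The string-building pattern discussed in this message, hardened, as an added example that is not code from this thread, GCC or glibc: the size computation is checked for wraparound and the stack allocation is bounded, with larger requests going to the heap. The names `checked_join_size`, `joined_length` and `STACK_BUF_MAX` are hypothetical, and the 256-byte cap is an assumed value.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for stack allocations; anything larger goes to the heap. */
#define STACK_BUF_MAX 256

/* Size needed for "a/b" plus NUL. Returns 0 and stores the size,
   or -1 if a + b + 2 would wrap around size_t. */
int checked_join_size(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b || a + b > SIZE_MAX - 2)
        return -1;
    *out = a + b + 2;
    return 0;
}

/* Builds "dir/name" in a temporary buffer and returns its length, or -1.
   The unchecked form this replaces is:
       char *buf = alloca(strlen(dir) + strlen(name) + 2);
   where the caller's input alone decides how far the stack pointer moves. */
long joined_length(const char *dir, const char *name, int *used_heap)
{
    size_t need;
    char *buf;
    if (checked_join_size(strlen(dir), strlen(name), &need) != 0)
        return -1;
    *used_heap = need > STACK_BUF_MAX;
    if (*used_heap)
        buf = malloc(need);      /* can fail cleanly, unlike alloca */
    else
        buf = alloca(need);      /* bounded by STACK_BUF_MAX */
    if (buf == NULL)
        return -1;
    snprintf(buf, need, "%s/%s", dir, name);
    long len = (long)strlen(buf);
    if (*used_heap)
        free(buf);
    return len;
}

int main(void)
{
    int heap = 0;
    printf("%ld\n", joined_length("/tmp", "a.txt", &heap));
    return 0;
}
```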
