I do not agree that VLAs are generally bad for security. I think the opposite is true. A VLA with the right size allows the compiler to automatically perform or insert meaningful bounds checks, while a fixed upper bound does not.
For example:

    char buf[N];
    buf[n] = 1;

Here, a compiler / analysis tool can check for n < N using static analysis or insert a run-time check. Replacing this with

    char buf[MAX_SIZE];

hides the information about the true upper bound from automatic tools. Limiting the stack usage can also be achieved in the following way:

    assert(N <= MAX_SIZE);
    char buf[N];

Of course, having predictable stack usage might be more important in the kernel and might be a good argument to still prefer the constant bound. But losing the tighter bounds is clearly a disadvantage with respect to security that one should keep in mind.

Best,
Martin
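
An added C example (not part of Martin's message) that makes the argument concrete: with a VLA the logical length n is the bound a tool can check, while with the fixed-size buffer an index in [n, MAX_SIZE) lands inside the allocation but outside the valid data, so nothing automatic can flag it. The value of MAX_SIZE, the function names and the boolean return convention are assumptions made for this example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_SIZE 64   /* assumed stack cap, playing the role of the post's MAX_SIZE */

/* VLA variant: the buffer's true length n is part of its declaration, so the
 * check that matters (idx < n) is the one a compiler or analysis tool can
 * derive or insert. Returns false instead of performing an out-of-bounds write. */
bool write_vla(size_t n, size_t idx, unsigned char value, unsigned char *out_copy)
{
    assert(n <= MAX_SIZE);        /* bounds stack usage, as the post suggests */
    if (n == 0 || idx >= n)       /* n == 0 would make the VLA itself invalid */
        return false;
    unsigned char buf[n];
    memset(buf, 0, n);
    buf[idx] = value;
    if (out_copy)
        memcpy(out_copy, buf, n);
    return true;
}

/* Fixed-size variant: only MAX_SIZE is visible to automatic tools. An index
 * in [n, MAX_SIZE) is within the allocation but past the logical data, so
 * the write below is accepted even though it is a bug from the caller's view. */
bool write_fixed(size_t n, size_t idx, unsigned char value, unsigned char *out_copy)
{
    assert(n <= MAX_SIZE);
    if (idx >= MAX_SIZE)          /* the only bound a tool can see here */
        return false;
    unsigned char buf[MAX_SIZE];
    memset(buf, 0, sizeof buf);
    buf[idx] = value;             /* idx >= n slips through silently */
    if (out_copy)
        memcpy(out_copy, buf, n);
    return true;
}
```

With n = 8 and idx = 8, write_vla rejects the write while write_fixed accepts it; only once idx reaches MAX_SIZE does the fixed-size variant refuse.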

