Rich Felker wrote:
I suspect it can easily be made to do arbitrary code execution when
otherwise-safe (e.g. checked against whitelist for special chars)
strings from untrusted input are expanded inside eval commands.
Any new use of VLA/alloca should be completely banned. It's basically
always an
On Mon, Jul 13, 2015 at 04:25:02AM +0200, Denys Vlasenko wrote:
On Thu, Jul 2, 2015 at 10:01 AM, Ron Yorston r...@frippery.org wrote:
Rich Felker wrote:
In general alloca is unsafe. It's not obvious to me what the code here
is doing, so I can't tell for sure if it's safe or not, but I think
Applied, thanks.
On Wed, Jul 1, 2015 at 5:46 PM, Ron Yorston r...@frippery.org wrote:
Now that the only thing protected by setjmp/longjmp is the saved string,
we can allocate it on the stack to get rid of the jump.
Based on commit bd35d8e from git://git.kernel.org/pub/scm/utils/dash/dash.git
On Wed, 2015-07-01 at 14:35 -0400, Rich Felker wrote:
On Wed, Jul 01, 2015 at 04:46:18PM +0100, Ron Yorston wrote:
Now that the only thing protected by setjmp/longjmp is the saved string,
we can allocate it on the stack to get rid of the jump.
Based on commit bd35d8e from
Rich Felker wrote:
In general alloca is unsafe. It's not obvious to me what the code here
is doing, so I can't tell for sure if it's safe or not, but I think
this needs a strong justification of safety before being acceptable.
It's a parser for a POSIXy shell, I doubt that the code is obvious to
On 1 Jul 2015 19:36, Rich Felker dal...@libc.org wrote:
On Wed, Jul 01, 2015 at 04:46:18PM +0100, Ron Yorston wrote:
Now that the only thing protected by setjmp/longjmp is the saved string,
we can allocate it on the stack to get rid of the jump.
Based on commit bd35d8e from git://
Bernd Petrovitsch wrote:
Since (GNU-)C99 is used: What about variable length arrays instead of
alloca?
I haven't looked at the code of gcc but I understand that it allocates
VLAs on the stack, so they'd be subject to the same limits as alloca.
Ron
On Wed, Jul 01, 2015 at 04:46:18PM +0100, Ron Yorston wrote:
Now that the only thing protected by setjmp/longjmp is the saved string,
we can allocate it on the stack to get rid of the jump.
Based on commit bd35d8e from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
In
Now that the only thing protected by setjmp/longjmp is the saved string,
we can allocate it on the stack to get rid of the jump.
Based on commit bd35d8e from git://git.kernel.org/pub/scm/utils/dash/dash.git
by Herbert Xu.
function old new delta