This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
On 08/04/2016 01:21 PM, Pedro Alves wrote:
> On 08/04/2016 08:16 PM, Jeff Law wrote:
>> On 08/04/2016 01:06 PM, Pedro Alves wrote:
>>> How wedded are we to alloca?
>> I would think only in the sense of existing codebase usage. Based on how often alloca usage has resulted in a security vulnerability it's clear we as developers can't use it correctly on a consistent basis, thus I'd like to abolish it :-) I'll settle for warning folks when they use it incorrectly though.
>
> Most allocas I've seen in my life were written to simply build strings at run time, while lazily avoiding to think about writing a "free" call, rather than having been written for optimizing some fast path, or for async-signal safe reasons.

Right -- the problem is if those strings are potentially under user control or the bad guys can arrange to overflow a size computation feeding an alloca, then this stuff becomes a huge gaping security hole. We've seen this repeatedly within glibc.

Jeff
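
The string-building case discussed in this message, written without alloca, as an added example that is not part of the original mail and is not GCC or glibc code: the size computation is checked for wraparound, stack use is capped at a fixed size, and larger strings go to the heap. The names `STACK_SCRATCH`, `join_size`, `with_joined` and the two callbacks are hypothetical, and the 256-byte cap is an assumed value.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define STACK_SCRATCH 256 /* assumed cap on on-stack scratch space */
typedef int (*str_fn)(const char *s, const void *ctx);

/* Pattern under discussion, kept as a comment only:
 *     char *s = alloca(strlen(a) + strlen(b) + 1);
 * The sum can wrap around, and nothing bounds the stack adjustment. */

/* Compute la + lb + 1 with wraparound detection: 0 on success, -1 on overflow. */
int join_size(size_t la, size_t lb, size_t *out)
{
    if (la >= SIZE_MAX - lb) /* la + lb + 1 would exceed SIZE_MAX */
        return -1;
    *out = la + lb + 1;
    return 0;
}

/* Build a+b in a fixed stack buffer when it fits, on the heap otherwise,
 * pass it to fn, then release it. Returns fn's result, or -1 on error. */
int with_joined(const char *a, const char *b, str_fn fn, const void *ctx,
                int *used_heap)
{
    char scratch[STACK_SCRATCH];
    char *buf = scratch;
    size_t la = strlen(a), lb = strlen(b), need;
    int rc;

    if (join_size(la, lb, &need) != 0)
        return -1;
    *used_heap = need > sizeof scratch;
    if (*used_heap && (buf = malloc(need)) == NULL)
        return -1; /* allocation failure is reported to the caller */
    memcpy(buf, a, la);
    memcpy(buf + la, b, lb + 1); /* copies the terminating NUL too */
    rc = fn(buf, ctx);
    if (*used_heap)
        free(buf);
    return rc;
}

/* Sample callbacks (constructed for this example). */
int equals_cb(const char *s, const void *ctx) { return strcmp(s, ctx) == 0; }
int length_cb(const char *s, const void *ctx) { (void)ctx; return (int)strlen(s); }

int main(void) { int heap; return with_joined("foo", "bar", equals_cb, "foobar", &heap) != 1; }
```

The heap path is the one that needs the "free" call the quoted text mentions; keeping it inside `with_joined` means callers cannot forget it.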