This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: protected alloca class for malloc fallback


On 08/04/2016 01:21 PM, Pedro Alves wrote:
> On 08/04/2016 08:16 PM, Jeff Law wrote:
>> On 08/04/2016 01:06 PM, Pedro Alves wrote:
>>> How wedded are we to alloca?
>> I would think only in the sense of existing codebase usage.
>>
>> Based on how often alloca usage has resulted in a security vulnerability
>> it's clear we as developers can't use it correctly on a consistent
>> basis, thus I'd like to abolish it :-)  I'll settle for warning folks
>> when they use it incorrectly though.
>
> Most allocas I've seen in my life were written to simply build
> strings at run time, while lazily avoiding to think about writing
> a "free" call, rather than having been written for optimizing
> some fast path, or for async-signal safe reasons.

Right -- the problem is if those strings are potentially under user control or the bad guys can arrange to overflow a size computation feeding an alloca, then this stuff becomes a huge gaping security hole. We've seen this repeatedly within glibc.

Jeff
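
Added example (not part of the message above or of the patch under discussion): one way to write the "alloca with malloc fallback" idea from the subject line in plain C, with the size computation checked for overflow before any allocation. The names `join_path_len`, `STACK_LIMIT` and `BUF_*` are made up for this illustration, and `<alloca.h>` assumes glibc.

```c
#include <alloca.h>   /* glibc/Linux header; assumed platform */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_LIMIT 256 /* assumed cap on bytes taken from the stack */
enum { BUF_FAIL = -1, BUF_STACK = 0, BUF_HEAP = 1 };

/* Build "<dir>/<name>" in a temporary buffer and store its length in
 * *len_out. Returns where the buffer lived, or BUF_FAIL.
 * The pattern discussed in the thread would be simply:
 *     char *buf = alloca(dlen + nlen + 2);
 * where a wrapped sum yields a buffer that is too small and a large
 * sum runs past the end of the stack. */
int join_path_len(const char *dir, size_t dlen,
                  const char *name, size_t nlen, size_t *len_out)
{
    /* need = dlen + '/' + nlen + NUL, rejected if the sum would wrap */
    if (dlen > SIZE_MAX - 2 || nlen > SIZE_MAX - 2 - dlen)
        return BUF_FAIL;
    size_t need = dlen + nlen + 2;

    /* Small requests use the stack; anything larger falls back to malloc. */
    int on_heap = need > STACK_LIMIT;
    char *buf;
    if (on_heap)
        buf = malloc(need);
    else
        buf = alloca(need);   /* must be called in this frame, not a helper */
    if (buf == NULL)
        return BUF_FAIL;

    memcpy(buf, dir, dlen);
    buf[dlen] = '/';
    memcpy(buf + dlen + 1, name, nlen);
    buf[need - 1] = '\0';
    *len_out = strlen(buf);

    if (on_heap)
        free(buf);            /* the "free" call that alloca lets you skip */
    return on_heap ? BUF_HEAP : BUF_STACK;
}

int main(void)
{
    size_t len = 0;
    int where = join_path_len("/tmp", 4, "x.txt", 5, &len);
    printf("where=%d len=%zu\n", where, len);
    return 0;
}
```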

