protected alloca class for malloc fallback
Pedro Alves
palves@redhat.com
Thu Aug 4 19:22:00 GMT 2016
On 08/04/2016 08:16 PM, Jeff Law wrote:
> On 08/04/2016 01:06 PM, Pedro Alves wrote:
>> How wedded are we to alloca?
> I would think only in the sense of existing codebase usage.
>
> Based on how often alloca usage has resulted in a security vulnerability
> it's clear we as developers can't use it correctly on a consistent
> basis, thus I'd like to abolish it :-) I'll settle for warning folks
> when they use it incorrectly though.
Most allocas I've seen in my life were written to simply build
strings at run time, while lazily avoiding thinking about writing
a "free" call, rather than having been written for optimizing
some fast path, or for async-signal safe reasons.
My guess is that auto_vec<char, MAX_ALLOCA_SIZE> covers any
fast-path-handling requirement in gcc.
(Where alloca is being used for async-signal safety reasons you
can't have a malloc fallback anyway, so out of scope for the
proposed protected_alloca too.)
Thanks,
Pedro Alves
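
The pattern discussed in the message above, as an added example that is not part of the original post and is not GCC's auto_vec: a buffer with fixed inline storage that falls back to malloc, used for the run-time string building that alloca usually serves. The names `stack_or_heap_buf`, `join_path` and `kMaxInline` are hypothetical, and the 256-byte cap standing in for MAX_ALLOCA_SIZE is an assumption.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>
#include <string>

// Hypothetical stand-in for auto_vec<char, N>: N bytes live inside the object
// (on the stack for a local); larger requests go to malloc. Not GCC's code.
template <std::size_t N>
class stack_or_heap_buf {
  char inline_[N];
  char *ptr_;
public:
  explicit stack_or_heap_buf(std::size_t n) : ptr_(inline_) {
    if (n > N) {  // too big for the inline storage: take the heap fallback
      ptr_ = static_cast<char *>(std::malloc(n));
      if (!ptr_) throw std::bad_alloc();
    }
  }
  ~stack_or_heap_buf() { if (ptr_ != inline_) std::free(ptr_); }  // the "free" nobody forgets
  stack_or_heap_buf(const stack_or_heap_buf &) = delete;
  stack_or_heap_buf &operator=(const stack_or_heap_buf &) = delete;
  char *data() { return ptr_; }
  bool on_heap() const { return ptr_ != inline_; }
};

const std::size_t kMaxInline = 256;  // assumed cap, playing the role of MAX_ALLOCA_SIZE

// Typical alloca use: build a string whose length is only known at run time.
// Returns the joined string; *used_heap reports whether the fallback was taken.
std::string join_path(const char *dir, const char *file, bool *used_heap) {
  std::size_t dlen = std::strlen(dir), flen = std::strlen(file);
  std::size_t need = dlen + 1 + flen + 1;   // dir + '/' + file + NUL
  stack_or_heap_buf<kMaxInline> buf(need);  // alloca(need) would put no bound on stack use
  std::memcpy(buf.data(), dir, dlen);
  buf.data()[dlen] = '/';
  std::memcpy(buf.data() + dlen + 1, file, flen + 1);  // copies the NUL too
  if (used_heap) *used_heap = buf.on_heap();
  return std::string(buf.data());
}

int main() {
  bool heap = false;
  std::string s = join_path("usr", "lib", &heap);
  std::printf("%s (heap fallback: %d)\n", s.c_str(), heap ? 1 : 0);
  return 0;
}
```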