Re: -Wvla vs dcnpgettext

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: -Wvla vs dcnpgettext_expr's VLA decl

From:	Bruno Haible
Subject:	Re: -Wvla vs dcnpgettext_expr's VLA decl
Date:	Sun, 4 Dec 2011 15:05:17 +0100
User-agent:	KMail/1.13.6 (Linux/2.6.37.6-0.5-desktop; KDE/4.6.0; x86_64; ; )

Jim Meyering wrote:
> >> Do we have a guarantee that that array dimension is reasonable?
> >
> > Yes. While msgctxt and msgid normally rarely exceed 1 KB (because
> 
> That sounds like convention.  Is there a guarantee?

No, there is no guarantee. It's the programmer's responsibility to pass
only sensible arguments to this function.

> What I was wondering is whether there were some guard, say
> in all callers, that would prevent VLA abuse.

No, there isn't. The msgid and msgctxt are meant to be literal strings.
Even malicious abusers of a program cannot turn string literals into
multi-megabyte monsters that would lead to stack overflow.

Bruno
-- 
In memoriam Fred Hampton <http://en.wikipedia.org/wiki/Fred_Hampton>

[Prev in Thread]

Current Thread

[Next in Thread]

-Wvla vs dcnpgettext_expr's VLA decl, Jim Meyering, 2011/12/03
- Re: -Wvla vs dcnpgettext_expr's VLA decl, Bruno Haible, 2011/12/03
  - Re: -Wvla vs dcnpgettext_expr's VLA decl, Jim Meyering, 2011/12/03
    - Re: -Wvla vs dcnpgettext_expr's VLA decl, Simon Josefsson, 2011/12/04
    - Re: -Wvla vs dcnpgettext_expr's VLA decl, Jim Meyering, 2011/12/04
    - Re: -Wvla vs dcnpgettext_expr's VLA decl, Bruno Haible <=

Prev by Date: mktemp: not found
Next by Date: Re: [PATCH 2/4] Add a new sethostname module
Previous by thread: Re: -Wvla vs dcnpgettext_expr's VLA decl
Next by thread: mktemp: not found
Index(es):
- Date
- Thread