[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: -Wvla vs dcnpgettext_expr's VLA decl
From: |
Bruno Haible |
Subject: |
Re: -Wvla vs dcnpgettext_expr's VLA decl |
Date: |
Sun, 4 Dec 2011 15:05:17 +0100 |
User-agent: |
KMail/1.13.6 (Linux/2.6.37.6-0.5-desktop; KDE/4.6.0; x86_64; ; ) |
Jim Meyering wrote:
> >> Do we have a guarantee that that array dimension is reasonable?
> >
> > Yes. While msgctxt and msgid normally rarely exceed 1 KB (because
>
> That sounds like convention. Is there a guarantee?
No, there is no guarantee. It's the programmer's responsibility to pass
only sensible arguments to this function.
> What I was wondering is whether there were some guard, say
> in all callers, that would prevent VLA abuse.
No, there isn't. The msgid and msgctxt are meant to be literal strings.
Even malicious abusers of a program cannot turn string literals into
multi-megabyte monsters that would lead to stack overflow.
Bruno
--
In memoriam Fred Hampton <http://en.wikipedia.org/wiki/Fred_Hampton>