bug-gnulib

Re: VLA and alloca


From: Tim Rühsen
Subject: Re: VLA and alloca
Date: Thu, 24 Jan 2019 12:51:55 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On 1/20/19 4:36 PM, Bruno Haible wrote:
> Pádraig Brady wrote:
>> I've not analyzed the security concerns in detail, but in general
>> large allocations on the stack are bad for security
> 
> Indeed. Just reading this CVE [1] from a week ago, makes me want to
> disable all large allocations on the stack.

Yes please. Any chance to remove it from gettext.h?

#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
  char msg_ctxt_id[msgctxt_len + msgid_len];
#else

> 
> Bruno
> 
> [1] https://www.openwall.com/lists/oss-security/2019/01/09/3

Regards, Tim
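
For comparison with the variable-length array quoted above, an added example (not part of the original message and not code from gettext.h) of the usual replacement: a fixed-size stack buffer with a heap fallback, so stack use stays bounded whatever the input lengths are. The names join_ctxt_id and lookup_demo and the 256-byte cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CTXT_STACK_MAX 256   /* assumed cap on stack use, not from the page */

/* Hypothetical helper: builds "msgctxt \004 msgid" in buf when it fits,
   otherwise in malloc'd memory. Returns NULL on size overflow or
   allocation failure. The caller frees the result when it is not buf. */
static char *join_ctxt_id(const char *msgctxt, const char *msgid,
                          char *buf, size_t bufsize)
{
    size_t ctxt_len = strlen(msgctxt) + 1;   /* +1 for the separator byte */
    size_t id_len = strlen(msgid) + 1;       /* +1 for the trailing NUL */
    if (ctxt_len > SIZE_MAX - id_len)        /* the sum would wrap around */
        return NULL;
    size_t total = ctxt_len + id_len;
    char *key = total <= bufsize ? buf : malloc(total);
    if (key == NULL)
        return NULL;
    memcpy(key, msgctxt, ctxt_len - 1);
    key[ctxt_len - 1] = '\004';              /* context/id separator byte */
    memcpy(key + ctxt_len, msgid, id_len);   /* copies the NUL as well */
    return key;
}

/* Returns 1 if the key fit in the stack buffer, 0 if it went to the
   heap, -1 on failure. *out_len receives the key length. */
int lookup_demo(const char *msgctxt, const char *msgid, size_t *out_len)
{
    char buf[CTXT_STACK_MAX];                /* size fixed at compile time */
    char *key = join_ctxt_id(msgctxt, msgid, buf, sizeof buf);
    if (key == NULL)
        return -1;
    *out_len = strlen(key);
    int on_stack = (key == buf);
    if (!on_stack)
        free(key);
    return on_stack;
}

int main(void)
{
    size_t n = 0;
    int where = lookup_demo("menu", "Open", &n);
    printf("on_stack=%d len=%zu\n", where, n);
    return 0;
}
```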


