This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Commit: Use of alloca considered dangerous


> On Mar 21, 2016, at 12:30 PM, Nick Clifton <nickc@redhat.com> wrote:
> 
> Hi Guys,
> 
>  It was pointed out to me the other day that there are some unbounded
>  calls to alloca in the binutils, which in theory could lead to
>  exploits.  So I tried adding -Wstack-usage=NNN to the command line and
>  discovered that gcc would complain about any use of alloca, even
>  bounded ones.  Still they were easy to fix, and removing the use of
>  alloca, and variable length local arrays as well, seems like a good
>  idea.

I agree that alloca() needs bounds checks, but I don't see why you say that avoiding alloca entirely is "a good idea".

>  So I am applying the attached patch.  It enables -Wstack-usage when
>  -Werror is in effect. 

The documented meaning of -Werror is that it turns all (currently enabled) warnings into errors, nothing more.  For it to have a side effect of enabling some not previously enabled warning is not a good idea.

	paul


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]