This is the mail archive of the
mailing list for the binutils project.
Re: Commit: Use of alloca considered dangerous
- From: Jeff Law <law at redhat dot com>
- To: Paul_Koning at Dell dot com, nickc at redhat dot com
- Cc: binutils at sourceware dot org
- Date: Mon, 21 Mar 2016 10:58:51 -0600
- Subject: Re: Commit: Use of alloca considered dangerous
- Authentication-results: sourceware.org; auth=none
- References: <87mvprx079 dot fsf at redhat dot com> <B1F8A0EC-9D4D-459E-899A-5638E2CCE924 at dell dot com>
On 03/21/2016 10:56 AM, Paul_Koning@Dell.com wrote:
Based on what I've seen through the years, if you can't put a hard
bounds on an alloca, then you're far better off from a security
standpoint avoiding it completely.
> On Mar 21, 2016, at 12:30 PM, Nick Clifton <firstname.lastname@example.org> wrote:
>> It was pointed out to me the other day that there are some unbounded
>> calls to alloca in the binutils, which in theory could lead to
>> exploits. So I tried adding -Wstack-usage=NNN to the command line and
>> discovered that gcc would complain about any use of alloca, even
>> bounded ones. Still they were easy to fix, and removing the use of
>> alloca, and variable length local arrays as well, seems like a good
>
> I agree that alloca() needs bounds checks, but I don't see why you say that avoiding alloca entirely is "a good idea".
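
Added example, not part of the original thread or the binutils sources: one way to put a hard bound on an alloca whose size comes from input, with a heap fallback above the bound. `count_fields` and `STACK_SCRATCH_MAX` are hypothetical names, the 256-byte limit is an assumed value, and `<alloca.h>` assumes glibc.

```c
#include <alloca.h>   /* glibc header; alloca is not part of ISO C */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed hard bound on stack scratch space; the value is illustrative. */
#define STACK_SCRATCH_MAX 256

/* Hypothetical helper: count the non-empty '.'-separated fields in
   data[0..len), where len comes from untrusted input.  strtok needs a
   mutable NUL-terminated copy, so scratch space of len + 1 bytes is
   required.  Returns -1 on failure; *on_heap reports the path taken. */
int count_fields(const char *data, size_t len, int *on_heap)
{
    char *buf;
    int n = 0;

    *on_heap = (len >= STACK_SCRATCH_MAX);
    if (*on_heap) {
        if (len == SIZE_MAX)          /* len + 1 would wrap to 0 */
            return -1;
        buf = malloc(len + 1);        /* failure is detectable here */
        if (buf == NULL)
            return -1;
    } else {
        buf = alloca(len + 1);        /* never more than STACK_SCRATCH_MAX bytes */
    }

    memcpy(buf, data, len);
    buf[len] = '\0';
    for (char *tok = strtok(buf, "."); tok != NULL; tok = strtok(NULL, "."))
        n++;

    if (*on_heap)
        free(buf);
    return n;
}

int main(void)
{
    int on_heap;
    const char name[] = ".text.startup";   /* constructed sample input */
    int n = count_fields(name, strlen(name), &on_heap);
    printf("fields=%d on_heap=%d\n", n, on_heap);
    return 0;
}
```

The stack path cannot report failure, which is why the size check has to come before the `alloca` call and not after it.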