This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: Commit: Use of alloca considered dangerous


On 03/21/2016 10:56 AM, Paul_Koning@Dell.com wrote:

> On Mar 21, 2016, at 12:30 PM, Nick Clifton <nickc@redhat.com> wrote:
>>
>> Hi Guys,
>>
>>   It was pointed out to me the other day that there are some unbounded
>>   calls to alloca in the binutils, which in theory could lead to
>>   exploits.  So I tried adding -Wstack-usage=NNN to the command line and
>>   discovered that gcc would complain about any use of alloca, even
>>   bounded ones.  Still they were easy to fix, and removing the use of
>>   alloca, and variable length local arrays as well, seems like a good
>>   idea.
>
> I agree that alloca() needs bounds checks, but I don't see why you say that avoiding alloca entirely is "a good idea".

Based on what I've seen through the years, if you can't put a hard bounds on an alloca, then you're far better off from a security standpoint avoiding it completely.

jeff
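
The following is an added example, not code from the binutils commit or from anyone in this thread. It shows one way to replace an input-sized alloca with a hard-bounded stack buffer plus a heap fallback; `stem_matches`, `SCRATCH_STACK_MAX` and the `used_heap` out-parameter are hypothetical names, and the 256-byte bound is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hard bound on stack scratch space; the value is chosen for this example. */
#define SCRATCH_STACK_MAX 256

/* Hypothetical helper: returns 1 if NAME with its last ".suffix" removed
   equals STEM, 0 if not, -1 on allocation failure.  *USED_HEAP exists
   only so the example can show which path was taken.
   Unbounded form being replaced:
       char *scratch = alloca (strlen (name) + 1);
   where stack use grows with whatever length the input has.  */
int
stem_matches (const char *name, const char *stem, int *used_heap)
{
  char stack_buf[SCRATCH_STACK_MAX];   /* fixed, compile-time stack cost */
  char *heap_buf = NULL;
  char *scratch = stack_buf;
  size_t len = strlen (name);
  char *dot;
  int result;

  if (len >= sizeof stack_buf)         /* too big for the bound: use heap */
    {
      heap_buf = malloc (len + 1);
      if (heap_buf == NULL)
        return -1;
      scratch = heap_buf;
    }
  if (used_heap != NULL)
    *used_heap = (heap_buf != NULL);
  memcpy (scratch, name, len + 1);     /* copy includes the terminator */
  dot = strrchr (scratch, '.');
  if (dot != NULL)
    *dot = '\0';
  result = (strcmp (scratch, stem) == 0);
  free (heap_buf);                     /* free (NULL) is a no-op */
  return result;
}

int
main (void)
{
  int heap = 0;
  int r = stem_matches ("readelf.o", "readelf", &heap);  /* constructed input */
  printf ("match=%d heap=%d\n", r, heap);
  return 0;
}
```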

