This is the mail archive of the mailing list for the glibc project.


Re: alloca avoidance patches

On 06/19/2017 11:33 AM, Szabolcs Nagy wrote:
> On 19/06/17 17:47, Joseph Myers wrote:
>> It seems to me that we need a clear definition of what stack frame size 
>> glibc can assume is safe (so that we can aim to eliminate alloca and VLAs 
>> unless the compiler can see they are bounded, and use -Wstack-usage= for 
>> building glibc to make sure no function uses too much stack).
> my experience with musl is that the tricky recursive
> unbounded stack usage cases are not possible to catch
> with -Wstack-usage= (details below) and that it warns
> about several seemingly unbounded vlas that are clearly
> bounded after some manual analysis, i expect glibc
> would be similar.
The total stack usage isn't really the issue here.  Yes, over-use can
contribute to bringing the stack and heap close together.  But to jump
the guard you need an allocation greater than a page without touching
the page.

My focus is on avoiding the possibility of jumping the guard by using
probes.  It's certainly good to limit unnecessary stack usage, but IMHO
it doesn't address the key choke point we have to mitigate these kinds
of attacks.
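
The distinction drawn in the reply above, as an added example that is not part of the original message or of glibc's code: a small C model of a downward-growing stack with one guard page, comparing an allocation that writes only at its lowest address with one that probes each page on the way down. The page size, the one-page guard, the addresses and all function names are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096u /* assumed page size; the guard is modeled as one page */

/* Constructed layout: [lo, hi) is the unmapped guard below the stack. */
typedef struct { uintptr_t lo, hi; } guard_t;

static bool in_guard(const guard_t *g, uintptr_t a) {
    return a >= g->lo && a < g->hi;
}

/* No probes: sp drops by size and only the lowest byte of the new
 * block is written. Returns true if that write faults on the guard. */
bool unprobed_faults(const guard_t *g, uintptr_t sp, size_t size) {
    return in_guard(g, sp - size);
}

/* Probes: touch one address per page on the way down, then the block.
 * Steps never exceed the guard size, so the guard cannot be skipped. */
bool probed_faults(const guard_t *g, uintptr_t sp, size_t size) {
    uintptr_t target = sp - size;
    while (sp - target > PAGE) {
        sp -= PAGE;
        if (in_guard(g, sp))
            return true;
    }
    return in_guard(g, target);
}

int main(void) {
    guard_t g = { 0x70000000u, 0x70000000u + PAGE };
    uintptr_t sp = g.hi + 0x800; /* 2 KiB of stack left above the guard */
    printf("8 KiB unprobed faults: %d\n", unprobed_faults(&g, sp, 0x2000));
    printf("8 KiB probed faults:   %d\n", probed_faults(&g, sp, 0x2000));
    printf("2304 B unprobed faults: %d\n", unprobed_faults(&g, sp, 0x900));
    return 0;
}
```

In this model the sub-page allocation faults on the guard either way; only the larger, unprobed allocation lands below it without a fault.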

