This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: alloca avoidance patches
On 06/19/2017 11:58 AM, Joseph Myers wrote:
> On Mon, 19 Jun 2017, Szabolcs Nagy wrote:
>
>> in any case i think it's more productive to
>> fix the stack usage bugs, instead of hardening
>> for this class of exploitable stack usage bugs,
>> even if the guard page catches the issue it
>> is an unwanted crash.
>
> Which gets back to wanting to use appropriate warning options, even if
> they don't catch all cases - and to needing an ABI-defined size it's safe
> to allocate, possibly more than a page if you rely on kernel fixes.
>
> (I expect strtold has one of the larger static stack allocations in glibc.
> I can see such amounts, possibly more, being needed for fixing cpow{,f,l}
> inaccuracy as well, on the assumption we should avoid libm functions
> calling malloc.)

I don't have the list handy, but the strtol family was in the list of
functions with enough stack space in the prologue to require probing.

Jeff