Commit: Use of alloca considered dangerous
Paul_Koning@Dell.com
Mon Mar 21 17:12:00 GMT 2016
> On Mar 21, 2016, at 12:58 PM, Jeff Law <law@redhat.com> wrote:
>
> On 03/21/2016 10:56 AM, Paul_Koning@Dell.com wrote:
>>
>>> On Mar 21, 2016, at 12:30 PM, Nick Clifton <nickc@redhat.com> wrote:
>>>
>>> Hi Guys,
>>>
>>> It was pointed out to me the other day that there are some unbounded
>>> calls to alloca in the binutils, which in theory could lead to
>>> exploits. So I tried adding -Wstack-usage=NNN to the command line and
>>> discovered that gcc would complain about any use of alloca, even
>>> bounded ones. Still they were easy to fix, and removing the use of
>>> alloca, and variable length local arrays as well, seems like a good
>>> idea.
>>
>> I agree that alloca() needs bounds checks, but I don't see why you say that avoiding alloca entirely is "a good idea".
> Based on what I've seen through the years, if you can't put a hard bound on an alloca, then you're far better off from a security standpoint avoiding it completely.
Absolutely. But isn't that a case-by-case test? If 7 uses of alloca don't have a guaranteed hard bound but the 8th one does, then I agree the 7 have to change -- but would it not be reasonable to keep the 8th?
paul
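As an added illustration, not code from this thread or from binutils, of the bounded alternative the thread debates: a scratch buffer that stays on the stack only when its size is within a hard bound and goes to the heap otherwise. SCRATCH_LIMIT, the function names and the sample inputs are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical hard bound on stack scratch space (not a binutils value). */
#define SCRATCH_LIMIT 1024

/* The per-use decision the thread argues about: only sizes at or below
 * the bound may live on the stack. Separate so it can be tested. */
int fits_on_stack(size_t len)
{
    return len <= SCRATCH_LIMIT;
}

/* Sums the bytes of 'src' through a scratch copy, replacing the pattern
 * 'buf = alloca(len)': a fixed-size array when len is within the bound
 * (static frame size, which -Wstack-usage can verify) and a malloc'ed
 * block otherwise. Returns -1 if the heap allocation fails. */
long sum_via_scratch(const uint8_t *src, size_t len)
{
    uint8_t stack_buf[SCRATCH_LIMIT];
    uint8_t *heap_buf = NULL, *buf;
    long sum = 0;
    if (fits_on_stack(len)) {
        buf = stack_buf;
    } else {
        heap_buf = malloc(len);
        if (heap_buf == NULL)
            return -1;
        buf = heap_buf;
    }
    memcpy(buf, src, len);
    for (size_t i = 0; i < len; i++)
        sum += buf[i];
    free(heap_buf);              /* free(NULL) is a no-op */
    return sum;
}

/* Constructed inputs: "abc" stays on the stack; a 2000-byte block of 1s
 * exceeds the bound and takes the heap path. */
long demo_stack_path(void)
{
    static const uint8_t small[] = "abc";
    return sum_via_scratch(small, 3);
}
long demo_heap_path(void)
{
    uint8_t big[2000];
    memset(big, 1, sizeof big);
    return sum_via_scratch(big, sizeof big);
}
```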