Re: VLA and alloca

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VLA and alloca

From:	Bruno Haible
Subject:	Re: VLA and alloca
Date:	Sun, 20 Jan 2019 16:36:29 +0100
User-agent:	KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; )

Pádraig Brady wrote:
> I've not analyzed the security concerns in detail, but in general
> large allocations on the stack are bad for security

Indeed. Just reading this CVE [1] from a week ago, makes me want to
disable all large allocations on the stack.

Bruno

[1] https://www.openwall.com/lists/oss-security/2019/01/09/3

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Correct but unhelpful VLA warning vs. gnulib's gettext.h; can we eliminate the false positive?, Pádraig Brady, 2019/01/14
- Re: VLA and alloca, Bruno Haible, 2019/01/14
  - Re: VLA and alloca, Pádraig Brady, 2019/01/19
    - Re: VLA and alloca, Bruno Haible, 2019/01/20
    - Re: VLA and alloca, Pádraig Brady, 2019/01/20
    - Re: VLA and alloca, Bruno Haible <=
    - Re: VLA and alloca, Tim Rühsen, 2019/01/24

Prev by Date: Re: VLA and alloca
Next by Date: Re: VLA and alloca
Previous by thread: Re: VLA and alloca
Next by thread: Re: VLA and alloca
Index(es):
- Date
- Thread