[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VLA and alloca

From: Tim Rühsen
Subject: Re: VLA and alloca
Date: Thu, 24 Jan 2019 12:51:55 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On 1/20/19 4:36 PM, Bruno Haible wrote:
> Pádraig Brady wrote:
>> I've not analyzed the security concerns in detail, but in general
>> large allocations on the stack are bad for security
> Indeed. Just reading this CVE [1] from a week ago, makes me want to
> disable all large allocations on the stack.

Yes please. Any chance to remove it from gettext.h ?

  char msg_ctxt_id[msgctxt_len + msgid_len];

> Bruno
> [1] https://www.openwall.com/lists/oss-security/2019/01/09/3

Regards, Tim

reply via email to

[Prev in Thread] Current Thread [Next in Thread]