:: Re: [DNG] Nasty Linux systemd secur…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Andreas Messer
Fecha:  
A: dng
Asunto: Re: [DNG] Nasty Linux systemd security bug revealed
On Wed, Jul 21, 2021 at 02:36:16PM +0200, Didier Kryn wrote:
> added (by gcc ?) to work around a missing feature of the C language:
> dynamic allocation on the stack. This lack has disapeared many years ago
> ( don't know with which version of the C standard) , with the following
> form of allocation:
>
> ...
>
> n = 2x+1;
>
> {
>
>     int array[n];
>
>     ...
>
> }
>
>     And, therefore, alloca() should be removed.


Well, alloca(n*sizeof(int)) and your suggestion both do the same in that
they allocate memory from stack without any checking. Thus both will
show the same failure mode of possible stack overflow.

In any case, the implementation should put some limit on n before
executing alloca() or int array[n].

To be honest, I really don't seesomething against using alloca() despite
its not Posix. Especially, there is no advantage of array[n]
regarding the stack overflow issue.

Of course, critical software should not rely on dynamic stack allocation
since its unpredictable. (but also not on runtime heap allocation too)

cheers,
Andreas

--
gnuPG keyid: 8C2BAF51
fingerprint: 28EE 8438 E688 D992 3661 C753 90B3 BAAA 8C2B AF51