Re: VLA and alloca
From: Tim Rühsen
Subject: Re: VLA and alloca
Date: Thu, 24 Jan 2019 12:51:55 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
On 1/20/19 4:36 PM, Bruno Haible wrote:
> Pádraig Brady wrote:
>> I've not analyzed the security concerns in detail, but in general
>> large allocations on the stack are bad for security
>
> Indeed. Just reading this CVE [1] from a week ago, makes me want to
> disable all large allocations on the stack.
Yes please. Any chance to remove it from gettext.h?
#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
char msg_ctxt_id[msgctxt_len + msgid_len];
#else
>
> Bruno
>
> [1] https://www.openwall.com/lists/oss-security/2019/01/09/3
Regards, Tim
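
An added example, not part of the original message and not gettext's own code: one way to build the msgctxt/msgid lookup key without a VLA, using a fixed-size stack buffer with a heap fallback for larger inputs. The function name, the 256-byte bound and the `on_heap` flag are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_STACK_MAX 256  /* assumed bound for the on-stack buffer */

/* Hypothetical helper: builds the "msgctxt\004msgid" lookup key without a
   VLA and returns its length, or (size_t)-1 on size overflow or allocation
   failure. *on_heap reports which buffer was used. */
size_t ctxt_key_length(const char *msgctxt, const char *msgid, int *on_heap)
{
    size_t msgctxt_len = strlen(msgctxt) + 1;  /* + separator */
    size_t msgid_len = strlen(msgid) + 1;      /* + terminating NUL */
    char buf[KEY_STACK_MAX];                   /* stack use is bounded */
    char *msg_ctxt_id;
    size_t total, result;

    if (msgctxt_len > SIZE_MAX - msgid_len)    /* sum would wrap around */
        return (size_t)-1;
    total = msgctxt_len + msgid_len;

    *on_heap = total > sizeof buf;
    msg_ctxt_id = *on_heap ? malloc(total) : buf;
    if (msg_ctxt_id == NULL)
        return (size_t)-1;

    memcpy(msg_ctxt_id, msgctxt, msgctxt_len - 1);
    msg_ctxt_id[msgctxt_len - 1] = '\004';     /* gettext context separator */
    memcpy(msg_ctxt_id + msgctxt_len, msgid, msgid_len);

    result = strlen(msg_ctxt_id);  /* a real caller would look the key up here */
    if (*on_heap)
        free(msg_ctxt_id);
    return result;
}

int main(void)
{
    int on_heap;
    size_t n = ctxt_key_length("Menu", "Open", &on_heap);
    printf("len=%zu on_heap=%d\n", n, on_heap);
    return 0;
}
```

Unlike the VLA, the stack frame here has the same size whatever the string lengths are, and an oversized request fails through a checkable `malloc` return instead of moving the stack pointer by an input-dependent amount.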