Re: VLA and alloca

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VLA and alloca

From:	Paul Eggert
Subject:	Re: VLA and alloca
Date:	Sat, 2 Feb 2019 14:58:34 -0800
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

Tim Rühsen wrote:

Just reading this CVE [1] from a week ago, makes me want to
disable all large allocations on the stack.

Yes please. Any chance to remove it from gettext.h ?

#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
   char msg_ctxt_id[msgctxt_len + msgid_len];
#else


It's already removed from gettext.h if you define GNULIB_NO_VLAS.

Typical applications never give dcpgettext_expr arguments so long that its VLAwill crush the stack. For these applications enabling VLAs can be a minorperformance win, so I'm not inclined to define GNULIB_NO_VLA for the apps I helpmaintain.

Ironically, though, one of the few applications that needs to supportreally-long message-IDs is the 'gettext' program itself. This might be anargument for disabling use of VLAs in libgettext, even though most applicationswork just fine with VLAs. If we do that, GNULIB_NO_VLA will have no effectsince lib/gettext.h is the only source file where Gnulib creates VLAs.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: VLA and alloca, Paul Eggert, 2019/02/02
- Re: VLA and alloca, Paul Eggert <=

Prev by Date: Re: VLA and alloca
Next by Date: script for determining the set of symbols to export from a library
Previous by thread: Re: VLA and alloca
Next by thread: script for determining the set of symbols to export from a library
Index(es):
- Date
- Thread