bug-gnulib

Re: Issue building gnulib with clang (as used in GRUB)


From: Jeffrey Walton
Subject: Re: Issue building gnulib with clang (as used in GRUB)
Date: Fri, 25 Mar 2022 12:38:05 -0400

On Fri, Mar 25, 2022 at 10:00 AM Paul Eggert <eggert@cs.ucla.edu> wrote:
>
> ...
> > he possible
> > security issue is that this size variable can be manipulated
> > to enable mis-use via a stack overflow
> That issue shouldn't happen here; i.e., the diagnostic is a false alarm.

I believe the security issue is similar to alloca - a silent failure
that could lead to a wild write. A second concern is uninitialized
data.

Most people complain about the performance hit when using a VLA, however.

I thought Gnulib had a fixed size/growable buffer. Maybe it can be used instead.

Jeff
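
The fixed-size/growable buffer idea from the message above, as an added example that is not part of the original message and not Gnulib's code. `struct sbuf`, the `sbuf_*` helpers, `scratch_demo` and the 256-byte inline size are hypothetical names and values chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

enum { SBUF_INLINE = 256 };       /* constructed size for the inline store */
struct sbuf {                     /* hypothetical type, not Gnulib's API */
    char  *data;                  /* inline_store or a heap block */
    size_t size;                  /* usable bytes at data */
    char   inline_store[SBUF_INLINE];
};

static void sbuf_init(struct sbuf *b) {
    memset(b->inline_store, 0, sizeof b->inline_store);  /* no stale stack bytes */
    b->data = b->inline_store;
    b->size = sizeof b->inline_store;
}

static void sbuf_free(struct sbuf *b) {
    if (b->data != b->inline_store)
        free(b->data);
    sbuf_init(b);
}

/* Make at least n bytes usable, discarding old contents.
   Returns 0 on success, -1 if the heap request fails. */
static int sbuf_reserve(struct sbuf *b, size_t n) {
    if (n <= b->size) return 0;
    sbuf_free(b);
    char *p = calloc(1, n);       /* zeroed; NULL is a visible failure */
    if (p == NULL) return -1;
    b->data = p;
    b->size = n;
    return 0;
}

/* Stands where a VLA would be `char tmp[n];` with no way to report failure.
   Returns 1 (inline store), 2 (heap) or -1 (allocation failed). */
int scratch_demo(size_t n) {
    struct sbuf b;
    sbuf_init(&b);
    if (sbuf_reserve(&b, n) != 0) return -1;
    int where = (b.data == b.inline_store) ? 1 : 2;
    memset(b.data, 'x', n);       /* stays inside the reserved size */
    sbuf_free(&b);
    return where;
}

int main(void) {
    return (scratch_demo(16) == 1 && scratch_demo(4096) == 2) ? 0 : 1;
}
```

Small requests stay on the stack at a fixed, known cost; oversized or attacker-influenced sizes go to the heap, where failure is reported through a return value.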


