[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue building gnulib with clang (as used in GRUB)
From: |
Jeffrey Walton |
Subject: |
Re: Issue building gnulib with clang (as used in GRUB) |
Date: |
Fri, 25 Mar 2022 12:38:05 -0400 |
On Fri, Mar 25, 2022 at 10:00 AM Paul Eggert <eggert@cs.ucla.edu> wrote:
>
> ...
> > he possible
> > security issue is that this size variable can be manipulated
> > to enable mis-use via a stack overflow
> That issue shouldn't happen here; i.e., the diagnostic is a false alarm.
I believe the security issue is similar to alloca - a silent failure
that could lead to a wild write. A second concern is uninitialized
data.
Most people complain about the performance hit when using a VLA, however.
I thought Gnulib had a fixed size/growable buffer. Maybe it can be used instead.
Jeff