bug-gnulib

Re: alloca


From: Jeffrey Walton
Subject: Re: alloca
Date: Sun, 26 Jul 2020 09:50:46 -0400

On Sun, Jul 26, 2020 at 9:34 AM Bruno Haible <bruno@clisp.org> wrote:
>
> Hi Jeffrey,
>
> > All alloca() code should be removed; not just CRAY.
> > alloca() is a dangerous compiler builtin.
>
> I disagree: when you use it with bounded allocation size only (e.g. through
> the module 'malloca'), there is no danger.

Intel has banned the function:
https://github.com/intel/safestringlib/wiki/SDL-List-of-Banned-Functions

Microsoft has banned the function:
https://docs.microsoft.com/en-us/previous-versions/bb288454(v=msdn.10)?redirectedfrom=MSDN

Apple has banned the function:
https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html

The manufacturer tells you not to use it on their platforms.

> > It does not convey failure
>
> A plain function entry does not convey failure either.

?

> Note that the module 'scratch_buffer' is overkill for these cases:
> if you can determine the allocation size ahead, and it is less than 1 KB,
> why should the code waste 1 KB of stack space?

It is not about size.

It is about reducing attack surface and risk.

It is a Certification & Accreditation (C&A) item. It's about passing an audit.

Jeff
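
The bounded-allocation pattern the thread argues over, as an added example that is not part of the original message and is not gnulib's 'malloca' code: requests up to a cap use alloca(), larger ones fall back to malloc(), which can report failure. `STACK_CAP`, `is_palindrome` and the `scratch_src` values are hypothetical names chosen for illustration.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on stack allocation: a hypothetical value, not gnulib's. */
#define STACK_CAP 1024

enum scratch_src { SCRATCH_STACK, SCRATCH_HEAP, SCRATCH_FAILED };

/* Reverses s[0..n) into a scratch buffer and sets *same to 1 if s is a
   palindrome. Returns where the scratch buffer came from; SCRATCH_FAILED
   means no buffer could be obtained and *same is left untouched. */
enum scratch_src is_palindrome(const char *s, size_t n, int *same)
{
    enum scratch_src src = n <= STACK_CAP ? SCRATCH_STACK : SCRATCH_HEAP;
    size_t len = n ? n : 1;   /* avoid zero-size allocations */
    char *buf;

    if (src == SCRATCH_STACK) {
        /* At most STACK_CAP bytes: the stack grows by a known maximum.
           alloca() has no error return, so the bound is the only check. */
        buf = alloca(len);
    } else {
        /* Larger (possibly attacker-influenced) sizes go to the heap,
           where failure is reported as NULL and can be handled. */
        buf = malloc(len);
        if (buf == NULL)
            return SCRATCH_FAILED;
    }
    for (size_t i = 0; i < n; i++)
        buf[i] = s[n - 1 - i];
    *same = memcmp(buf, s, n) == 0;
    if (src == SCRATCH_HEAP)
        free(buf);
    return src;
}

int main(void)
{
    int same = 0;
    enum scratch_src src = is_palindrome("level", 5, &same); /* constructed input */
    printf("source=%d palindrome=%d\n", (int)src, same);
    return 0;
}
```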


