List: oss-security
Subject: Re: [oss-security] SEGV in `alloca(BIG)` and `long pl[BIG]`
From: Florian Weimer <fweimer () redhat ! com>
Date: 2023-02-08 9:42:19
Message-ID: 87h6vwqyro.fsf () oldenburg ! str ! redhat ! com
* Georgi Guninski:
> Inline are two C warez, which crash on
> `alloca(BIG)` and `long pl[BIG]`.
>
> I think alloca(BIG) should return error if BIG>max_signed_size_t.
> In C++ `new[BUG]` throws exception and core dumps.
Unfortunately, alloca cannot report an error, and there is no portable
way to discover stack boundaries anyway. With -fstack-clash-protection,
we could reliably produce crashes, but the feature is somewhat
incomplete:
Integer overflows in dynamically-sized stack allocations with
-fstack-clash-protection
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83697>
Thanks,
Florian
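An added illustration of the point above, not code from either poster: since alloca() has no failure path, cap the stack request and route larger or overflowing sizes through malloc(), which can report failure. STACK_ALLOC_LIMIT, checked_mul, choose_allocation and sum_of_indices are names assumed here.

```c
/* Added example, not Florian's or Georgi's code: alloca() cannot report
 * failure, so bound the request and fall back to malloc() when it is
 * large. STACK_ALLOC_LIMIT and the function names are assumptions. */
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed per-call cap, far below any realistic thread stack size. */
#define STACK_ALLOC_LIMIT 4096

/* n * elem with overflow detection: the size computation that the
 * -fstack-clash-protection bug referenced above gets wrong. */
static int checked_mul(size_t n, size_t elem, size_t *out) {
    if (elem != 0 && n > SIZE_MAX / elem) return 0;
    *out = n * elem;
    return 1;
}

/* 1 = small enough for alloca, 0 = must go to the heap, -1 = overflow.
 * On success *bytes receives the checked byte count. */
int choose_allocation(size_t n, size_t elem, size_t *bytes) {
    if (!checked_mul(n, elem, bytes)) return -1;
    return *bytes <= STACK_ALLOC_LIMIT ? 1 : 0;
}

/* Fill n longs with 0..n-1 and return their sum, or -1 when the buffer
 * cannot be obtained. The stack path cannot fail because it is capped;
 * the heap path reports failure instead of crashing the process. */
long sum_of_indices(size_t n) {
    size_t bytes;
    long *pl, sum = 0;
    int where = choose_allocation(n, sizeof *pl, &bytes);
    if (where < 0) return -1;           /* n * sizeof(long) overflowed */
    if (where == 1) {
        pl = alloca(bytes);             /* at most STACK_ALLOC_LIMIT bytes */
    } else {
        pl = malloc(bytes);             /* may fail, and says so */
        if (pl == NULL) return -1;
    }
    for (size_t i = 0; i < n; i++) { pl[i] = (long)i; sum += pl[i]; }
    if (where == 0) free(pl);
    return sum;
}

int main(void) {
    printf("%ld %ld %ld\n", sum_of_indices(10), sum_of_indices(1000),
           sum_of_indices((size_t)-1));  /* prints "45 499500 -1" */
    return 0;
}
```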