
List:       oss-security
Subject:    Re: [oss-security] SEGV in `alloca(BIG)` and `long pl[BIG]`
From:       Florian Weimer <fweimer () redhat ! com>
Date:       2023-02-08 9:42:19
Message-ID: 87h6vwqyro.fsf () oldenburg ! str ! redhat ! com

* Georgi Guninski:

> Inline are two C warez, which crash on
> `alloca(BIG)` and `long pl[BIG]`.
>
> I think alloca(BIG) should return error if BIG>max_signed_size_t.
> In C++ `new[BUG]` throws exception and core dumps.

Unfortunately, alloca cannot report an error, and there is no portable
way to discover stack boundaries anyway.  With -fstack-clash-protection,
we could reliably produce crashes, but the feature is somewhat
incomplete:

  Integer overflows in dynamically-sized stack allocations with
  -fstack-clash-protection
  <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83697>

Thanks,
Florian
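The bound-before-allocate pattern this reply implies, as an added example that is not part of the thread or of any project: since alloca cannot report failure, the caller checks the size itself (no multiplication wrap, and a policy cap) and sends anything larger to the heap, where failure is reportable. STACK_SCRATCH_MAX, stack_alloc_ok and sum_via_scratch are names assumed for the example.

```c
#include <alloca.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Policy cap for stack scratch space.  As the reply notes, there is no
   portable way to learn the real stack boundary, so this is an assumed
   limit chosen for the example, not a measured one. */
#define STACK_SCRATCH_MAX 4096

/* True if n elements of `elem` bytes may go on the stack: the size
   computation must not wrap (the overflow case -fstack-clash-protection
   does not yet catch) and the total must stay under the cap.  On
   success *total holds the byte count. */
bool stack_alloc_ok(size_t n, size_t elem, size_t *total)
{
    if (__builtin_mul_overflow(n, elem, total))
        return false;
    return *total <= STACK_SCRATCH_MAX;
}

/* Sum in[0..n) through a scratch copy of the input.  Small copies use
   alloca, large ones malloc; a wrapping size or a failed malloc yields
   -1 instead of the SEGV the thread describes.  Returns 0 on success. */
int sum_via_scratch(const long *in, size_t n, long *out)
{
    size_t bytes;
    long *scratch;
    bool on_heap = false;
    if (stack_alloc_ok(n, sizeof *in, &bytes)) {
        scratch = alloca(bytes);            /* cannot fail, cannot report */
    } else {
        if (__builtin_mul_overflow(n, sizeof *in, &bytes))
            return -1;                      /* n * sizeof(long) wrapped */
        scratch = malloc(bytes);
        if (scratch == NULL)
            return -1;                      /* heap refused the request */
        on_heap = true;
    }
    long sum = 0;
    for (size_t i = 0; i < n; i++) {
        scratch[i] = in[i];
        sum += scratch[i];
    }
    *out = sum;
    if (on_heap)
        free(scratch);
    return 0;
}
```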
