| commit | 8ea4d21748f837d00b2e3c31f29cea0e6f90649a | |
| author | Richard W.M. Jones <rjones@redhat.com> | |
| Thu, 5 Sep 2019 11:20:02 +0000 (5 12:20 +0100) | ||
| committer | Richard W.M. Jones <rjones@redhat.com> | |
| Thu, 5 Sep 2019 13:02:14 +0000 (5 14:02 +0100) | ||
| tree | 680d06e06edd2c5591a7d1296dc7c1877bb62760 | treesnapshot (tar.gz zip) |
| parent | 06f24c932726992c4bea7e3c5b3276a86e63780f | commitdiff |
Ban use of stack Variable Length Arrays (VLAs).
I'm not someone who thinks VLAs are automatically bad and unlike Linux
kernel code they can sometimes be used safely in userspace. However
for an internet exposed server there is an argument that they might
cause some kind of exploitable situation especially if the code is
compiled without other stack hardening features. Also in highly
multithreaded code with limited stack sizes (as nbdkit is on some
platforms) allowing unbounded stack allocation can be a bad idea
because it can cause a segfault.
So this commit bans them. Only when using --enable-gcc-warnings, but
upstream developers ought to be using that.
There were in fact only two places where VLAs were being used. In one
of those places (plugins/sh) removing the VLA actually made the code
better.
For interesting discussion about VLAs in the kernel see:
https://lwn.net/Articles/763253/
I'm not someone who thinks VLAs are automatically bad and unlike Linux
kernel code they can sometimes be used safely in userspace. However
for an internet exposed server there is an argument that they might
cause some kind of exploitable situation especially if the code is
compiled without other stack hardening features. Also in highly
multithreaded code with limited stack sizes (as nbdkit is on some
platforms) allowing unbounded stack allocation can be a bad idea
because it can cause a segfault.
So this commit bans them. Only when using --enable-gcc-warnings, but
upstream developers ought to be using that.
There were in fact only two places where VLAs were being used. In one
of those places (plugins/sh) removing the VLA actually made the code
better.
For interesting discussion about VLAs in the kernel see:
https://lwn.net/Articles/763253/
| configure.ac | diffblobblamehistory | |
| plugins/sh/sh.c | diffblobblamehistory | |
| server/sockets.c | diffblobblamehistory |