oss-sec mailing list archives
Re: alloca in inline functions can be dangerous
From: Andreas Lausch-Waas <andreas () flausch at>
Date: Sat, 15 Apr 2017 12:13:28 +0200
On 2017-04-10 16:55, Leandro Pereira wrote:
> On Mon, Apr 10, 2017 at 7:36 AM, Jason A. Donenfeld <Jason () zx2c4 com> wrote:
>> I'm interested if anybody else has encountered this behavior or has any thoughts about it.
>
> Yes, and I usually mark those functions with __attribute__((noinline)) to avoid precisely this kind of behavior.
This (VLAs in loops or inlines filling the stack) would be a gcc bug: "Jumping or breaking out of the scope of the array name deallocates the storage. Jumping into the scope is not allowed; you get an error message for it.". See https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html
At least GCC 6.3.1 does not call alloca for VLAs. -- Andreas
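The three situations discussed in this thread can be observed directly by recording where each iteration's buffer lands on the stack. The program below is an added illustration, not code from any poster: it compares alloca() called inside a loop (the shape an inlined alloca-using helper takes once the call is folded into the caller's loop), a VLA declared in the loop body, and alloca() kept inside a __attribute__((noinline)) callee as Leandro suggests. It assumes GCC or Clang and a conventional contiguous stack; the function names and the 4096-byte chunk size are mine.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ITERS 8      /* loop iterations per experiment (constructed value) */
#define CHUNK 4096   /* bytes requested per iteration (constructed value) */

/* Write into the buffer through a volatile pointer so the allocation
 * cannot be optimised away. */
static void touch(unsigned char *p, size_t n)
{
    volatile unsigned char *vp = p;
    for (size_t i = 0; i < n; i += 64)
        vp[i] = 0xAA;
}

/* Distance between the lowest and highest recorded buffer address. */
static uintptr_t spread(const uintptr_t *addrs, int n)
{
    uintptr_t lo = addrs[0], hi = addrs[0];
    for (int i = 1; i < n; i++) {
        if (addrs[i] < lo) lo = addrs[i];
        if (addrs[i] > hi) hi = addrs[i];
    }
    return hi - lo;
}

/* Hazard: alloca() in a loop. Nothing is released until the enclosing
 * function returns, so each iteration pushes the stack further down.
 * An inlined helper that calls alloca() degenerates to exactly this. */
uintptr_t alloca_in_loop(size_t chunk, int iters)
{
    uintptr_t addrs[ITERS];            /* caller guarantees iters <= ITERS */
    for (int i = 0; i < iters; i++) {
        unsigned char *buf = alloca(chunk);
        touch(buf, chunk);
        addrs[i] = (uintptr_t)buf;
    }
    return spread(addrs, iters);       /* grows with iters * chunk */
}

/* VLA in the loop body: per the GCC manual quoted above, the storage is
 * released when the block ends, so every iteration reuses the same slot. */
uintptr_t vla_in_loop(size_t chunk, int iters)
{
    uintptr_t addrs[ITERS];
    for (int i = 0; i < iters; i++) {
        unsigned char buf[chunk];
        touch(buf, chunk);
        addrs[i] = (uintptr_t)buf;
    }
    return spread(addrs, iters);       /* expected: 0 */
}

/* Mitigation from the thread: keep alloca() in a callee that cannot be
 * inlined. The stack pointer is restored on return, so each call starts
 * from the same frame. */
__attribute__((noinline)) static uintptr_t alloca_in_callee(size_t chunk)
{
    unsigned char *buf = alloca(chunk);
    touch(buf, chunk);
    return (uintptr_t)buf;
}

uintptr_t alloca_via_noinline(size_t chunk, int iters)
{
    uintptr_t addrs[ITERS];
    for (int i = 0; i < iters; i++)
        addrs[i] = alloca_in_callee(chunk);
    return spread(addrs, iters);       /* expected: 0 */
}

int main(void)
{
    printf("alloca in loop:        %lu bytes of stack spread\n",
           (unsigned long)alloca_in_loop(CHUNK, ITERS));
    printf("VLA in loop:           %lu bytes of stack spread\n",
           (unsigned long)vla_in_loop(CHUNK, ITERS));
    printf("alloca via noinline:   %lu bytes of stack spread\n",
           (unsigned long)alloca_via_noinline(CHUNK, ITERS));
    return 0;
}
```

The first figure scales with the number of iterations, which is the quiet stack exhaustion the original report warns about; the other two stay at zero because the storage is reclaimed at block exit (VLA) or function return (noinline callee).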
Current thread:
- alloca in inline functions can be dangerous Jason A. Donenfeld (Apr 10)
- Re: alloca in inline functions can be dangerous Leandro Pereira (Apr 10)
- Re: alloca in inline functions can be dangerous Andreas Lausch-Waas (Apr 15)
- Re: alloca in inline functions can be dangerous Florian Weimer (Apr 14)
- Re: alloca in inline functions can be dangerous Leandro Pereira (Apr 10)