From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 5166 invoked by alias); 28 Oct 2015 16:35:10 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 4542 invoked by uid 48); 28 Oct 2015 16:35:02 -0000 From: "ebotcazou at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug c/68065] Size calculations for VLAs can overflow Date: Wed, 28 Oct 2015 16:35:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c X-Bugzilla-Version: 5.2.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: ebotcazou at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-10/txt/msg02385.txt.bz2 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065 Eric Botcazou changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ebotcazou at gcc dot gnu.org --- Comment #12 from Eric Botcazou --- > Stack overflows are detected with -fstack-check, or at least they would be > if the option worked properly: > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66479 > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65958 Yes, it works, i.e. it detects stack overflows in real life. The first PR is certainly annoying but largely artificial and the second PR is actually a generic bug in the gimplifier with VLAs and alloca that the old implementation happens to run into; the modern one doesn't. > I've always found it quite bad that well-defined code with GCC can actually > be exploited (arbitrary write vulnerabilities) due to the fact that > -fstack-check is not enabled by default. MSVC++ and Clang on Windows > guarantee that stack overflows from well-defined code (large stack frames, > VLAs) will be caught. Same for GCC on Windows (but it does out-of-line stack checking). > However, the switch seems to cause a significant performance hit for functions > where it triggers (which are rare but sometimes performance critical, a good > example is jemalloc's rbtree implementation which uses arrays rather than > recursion) and compatibility issues due to the way it's currently implemented: > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67265/. This one is more of a register allocation issue actually.