From: Jeff Law <law@redhat.com>
To: Richard Biener <richard.guenther@gmail.com>,
Aldy Hernandez <aldyh@redhat.com>
Cc: Martin Sebor <msebor@gmail.com>, gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: protected alloca class for malloc fallback
Date: Wed, 10 Aug 2016 18:00:00 -0000
Message-ID: <e68d9261-a4ab-5da3-cbb6-87ad8dfb8757@redhat.com>
In-Reply-To: <CAFiYyc3JBtDD5ggdUO2Aami_pWf+1J3C5st7rZEGULDqrndvgg@mail.gmail.com>
On 08/10/2016 04:04 AM, Richard Biener wrote:
> On Tue, Aug 9, 2016 at 3:17 PM, Aldy Hernandez <aldyh@redhat.com> wrote:
>> On 08/05/2016 01:55 PM, Richard Biener wrote:
>>
>> Hi Richard.
>>
>>> Please don't use std::string. For string building you can use obstacks.
>>
>>
>> Alright let's talk details then so I can write things up in a way you
>> approve of.
>>
>> Take for instance simple uses like all the tree_*check_failed routines,
>> which I thought were great candidates for std::string-- they're going to be
>> outputted to the screen or disk which is clearly many times more expensive
>> than the malloc or overhead of std::string:
>>
>>   length += strlen ("expected ");
>>   buffer = tmp = (char *) alloca (length);
>>   length = 0;
>>   while ((code = (enum tree_code) va_arg (args, int)))
>>     {
>>       const char *prefix = length ? " or " : "expected ";
>>
>>       strcpy (tmp + length, prefix);
>>       length += strlen (prefix);
>>       strcpy (tmp + length, get_tree_code_name (code));
>>       length += strlen (get_tree_code_name (code));
>>     }
>>
>> Do you suggest using obstacks here, or did you have something else in mind?
>
> Why would you want to get rid of the alloca here?
Do you know the range for LENGTH in the code above? Is it based on
something the user could potentially control (like a variable name,
typedef name, etc). If you don't know the length or it's possibly under
the control of the user, then this can blow out the stack, which makes
the code vulnerable to a stack shifting style attack by which further
writes into the stack are actually writing into other parts of the
stack, the heap, plt or some other location. Essentially this gives an
attacker control over one or more stores to memory, which is often
enough of a vulnerability to mount an attack.
jeff
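The mitigation Jeff is arguing for (the "malloc fallback" of the thread's subject), as an added example that is not code from GCC or from anyone in the thread: size the message exactly first, take the scratch buffer from the stack only when it stays under a fixed bound, and go to the heap otherwise, so an attacker-influenced length can never move the stack pointer by an arbitrary amount. SCRATCH_LIMIT, code_name() and last_message are constructed stand-ins for GCC's own threshold, get_tree_code_name() and diagnostic output.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed bound (hypothetical): scratch buffers larger than this come from
   the heap, so alloca never moves the stack pointer by more than this amount.  */
#define SCRATCH_LIMIT 128

/* Hypothetical stand-in for GCC's get_tree_code_name (); code 0 ends a list.  */
const char *code_name (int code)
{
  switch (code)
    {
    case 1: return "IDENTIFIER_NODE";
    case 2: return "INTEGER_CST";
    default: return "<unknown>";
    }
}

/* First pass: size the message exactly, including the terminating NUL.  */
size_t expected_size (const int *codes)
{
  size_t n = 1;
  for (size_t i = 0; codes[i]; i++)
    n += strlen (i ? " or " : "expected ") + strlen (code_name (codes[i]));
  return n;
}

/* Constructed sink for the finished message; GCC would hand it to the diagnostic machinery.  */
char last_message[1024];

/* Second pass: build "expected A or B ..." in a bounded scratch buffer.
   Returns 1 if the heap was used, 0 if alloca sufficed, -1 on malloc failure.  */
int report_expected (const int *codes)
{
  size_t size = expected_size (codes);
  int on_heap = size > SCRATCH_LIMIT;
  char *buf = on_heap ? (char *) malloc (size) : (char *) alloca (size);
  if (!buf)
    return -1;
  size_t len = 0;
  for (size_t i = 0; codes[i]; i++)
    {
      const char *part = i ? " or " : "expected ";
      len += sprintf (buf + len, "%s%s", part, code_name (codes[i]));
    }
  snprintf (last_message, sizeof last_message, "%s", buf);
  if (on_heap) free (buf);  /* alloca memory is released on return */
  return on_heap;
}
```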