From: Jeff Law <jeffreyalaw@gmail.com>
To: Joe Simmons-Talbott <josimmon@redhat.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v3] ifaddrs: Get rid of alloca
Date: Thu, 1 Jun 2023 08:43:56 -0600 [thread overview]
Message-ID: <855f0ed1-d05f-3b17-263b-a2957289e11d@gmail.com> (raw)
In-Reply-To: <20230530152539.2063770-1-josimmon@redhat.com>
On 5/30/23 09:25, Joe Simmons-Talbott via Libc-alpha wrote:
> Use scratch_buffer and malloc rather than alloca to avoid potential stack
> overflows.
> ---
> Changes to v2:
> * Initialize the scratch_buffer earlier to avoid memory access errors
> when calling scratch_buffer_free for failure cases.
>
> Changes to v1:
> * in __netlink_request use an 8kb buffer size and malloc rather than a
> scratch_buffer.
>
> Suggested-by: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
[ ... ]
Just wanted to say thanks for doing this. alloca has been a nightmare
through the years from a security standpoint.
I advocated for its removal from glibc years ago based on the simple
fact that the bugs exposed by the "bad guys" showed that even
experienced developers are prone to get this stuff wrong.
Instead I wanted to have GCC prove particular allocations were safe to
transform into alloca. That never panned out, but I still think the
compiler is the right place to exploit the performance improvements one
gets from alloca vs malloc/free.
jeff
next prev parent reply other threads:[~2023-06-01 14:43 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-30 15:25 Joe Simmons-Talbott
2023-05-31 12:24 ` Adhemerval Zanella Netto
2023-06-01 14:43 ` Jeff Law [this message]
2023-06-01 15:05 ` Florian Weimer
2023-06-01 15:13 ` Jeff Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=855f0ed1-d05f-3b17-263b-a2957289e11d@gmail.com \
--to=jeffreyalaw@gmail.com \
--cc=josimmon@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).