Re: [PATCH v3] ifaddrs: Get rid of alloca

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

From: Jeff Law <jeffreyalaw@gmail.com>
To: Joe Simmons-Talbott <josimmon@redhat.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v3] ifaddrs: Get rid of alloca
Date: Thu, 1 Jun 2023 08:43:56 -0600	[thread overview]
Message-ID: <855f0ed1-d05f-3b17-263b-a2957289e11d@gmail.com> (raw)
In-Reply-To: <20230530152539.2063770-1-josimmon@redhat.com>

On 5/30/23 09:25, Joe Simmons-Talbott via Libc-alpha wrote:
> Use scratch_buffer and malloc rather than alloca to avoid potential stack
> overflows.
> ---
> Changes to v2:
>    * Initialize the scratch_buffer earlier to avoid memory access errors
>      when calling scratch_buffer_free for failure cases.
> 
> Changes to v1:
>    * in __netlink_request use an 8kb buffer size and malloc rather than a
>      scratch_buffer.
> 
>      Suggested-by: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
[ ... ]
Just wanted to say thanks for doing this.  alloca has been a nightmare 
through the years from a security standpoint.

I advocated for its removal from glibc years ago based on the simple 
fact that the bugs exposed by the "bad guys" showed that even 
experienced developers are prone to get this stuff wrong.

Instead I wanted to have GCC prove particular allocations were safe to 
transform into alloca.  That never panned out, but I still think the 
compiler is the right place to exploit the performance improvements one 
gets from alloca vs malloc/free.

jeff

next prev parent reply	other threads:[~2023-06-01 14:43 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-30 15:25 Joe Simmons-Talbott
2023-05-31 12:24 ` Adhemerval Zanella Netto
2023-06-01 14:43 ` Jeff Law [this message]
2023-06-01 15:05   ` Florian Weimer
2023-06-01 15:13     ` Jeff Law

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=855f0ed1-d05f-3b17-263b-a2957289e11d@gmail.com \
    --to=jeffreyalaw@gmail.com \
    --cc=josimmon@redhat.com \
    --cc=libc-alpha@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).