This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Policy: alloca vs. malloc?
- From: Pedro Alves <palves at redhat dot com>
- To: Jeff Law <law at redhat dot com>
- Cc: "Carlos O'Donell" <carlos_odonell at mentor dot com>, libc-alpha <libc-alpha at sourceware dot org>, Roland McGrath <roland at hack dot frob dot com>
- Date: Fri, 08 Jun 2012 14:49:59 +0100
- Subject: Re: Policy: alloca vs. malloc?
- References: <4FD0E4DC.1000105@mentor.com> <4FD1C88E.1010201@redhat.com> <4FD1FD74.8030803@redhat.com>
On 06/08/2012 02:26 PM, Jeff Law wrote:
> On 06/08/2012 03:40 AM, Pedro Alves wrote:
>> On 06/07/2012 06:29 PM, Carlos O'Donell wrote:
>>
>>> * When growing a buffer, either on the stack or on the heap, watch out for integer overflow when calculating the new size. Such overflow should be treated as allocation failure rather than letting the integer wrap around.
>>>
>>> * If the size of the buffer is directly or indirectly under user control, consider imposing a maximum to help make denial-of-service attacks more difficult.
>>
>>
>> These appear to not really be "alloca vs malloc" material, but general guides that'd
>> better fit a different section.
> True, but an integer overflow feeding alloca can be turned into an exploit relatively easily as can an allocation where the size of the buffer is directly or indirectly under user control.

Note the sentence says "either on the stack or on the heap".

> I think they're important enough to mention in the alloca section given the numerous problems this kind of stuff has led to.

This is not a "how to use alloca" section, but a "choose alloca or malloc?" policy
section. Those two points don't weigh on that decision.

You first decide which mechanism to use based on the other points, and then there's the
question of using the mechanism properly, but that is a separate question.

The advice quoted above could be put in an "on alloca" or "on memory allocation"
or "on memory management and security" section just below, or some such, which could
even mention more things.

Just IMO anyway.
--
Pedro Alves
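
Added example (not part of the original message and not glibc code): a heap buffer-growth helper that applies the two quoted guidelines, treating size-calculation overflow as allocation failure and capping sizes that may be influenced by the user. The names `MAX_BUF_BYTES`, `next_size` and `grow_buffer`, and the 1 MiB cap, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical policy cap for sizes derived from untrusted input.  */
#define MAX_BUF_BYTES ((size_t) 1 << 20)

/* Compute the next capacity (doubling, 16 elements initially) for a
   buffer of NELEM elements of ELSIZE bytes.  Returns false, to be
   treated as allocation failure, if the arithmetic would wrap or the
   result exceeds MAX_BUF_BYTES.  */
static bool
next_size (size_t nelem, size_t elsize, size_t *new_nelem, size_t *new_bytes)
{
  if (elsize == 0)
    return false;
  if (nelem > SIZE_MAX / 2)
    return false;                       /* nelem * 2 would wrap */
  size_t n = nelem ? nelem * 2 : 16;
  if (n > SIZE_MAX / elsize)
    return false;                       /* n * elsize would wrap */
  if (n * elsize > MAX_BUF_BYTES)
    return false;                       /* over the policy cap */
  *new_nelem = n;
  *new_bytes = n * elsize;
  return true;
}

/* Grow the heap buffer *BUFP to the next capacity.  On failure the old
   buffer and *NELEMP are left untouched, errno is ENOMEM, and -1 is
   returned.  */
static int
grow_buffer (void **bufp, size_t *nelemp, size_t elsize)
{
  size_t nelem, bytes;
  if (!next_size (*nelemp, elsize, &nelem, &bytes))
    {
      errno = ENOMEM;
      return -1;
    }
  void *p = realloc (*bufp, bytes);
  if (p == NULL)
    return -1;
  *bufp = p;
  *nelemp = nelem;
  return 0;
}
```

The same `next_size` check can gate a stack allocation; only the cap would need to be far smaller than the one assumed here.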