This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Commit: Use of alloca considered dangerous

From: Nick Clifton <nickc at redhat dot com>
To: binutils at sourceware dot org
Date: Mon, 21 Mar 2016 16:30:50 +0000
Subject: Commit: Use of alloca considered dangerous
Authentication-results: sourceware.org; auth=none

Hi Guys,

  It was pointed out to me the other day that there are some unbounded
  calls to alloca in the binutils, which in theory could lead to
  exploits.  So I tried adding -Wstack-usage=NNN to the command line and
  discovered that gcc would complain about any use of alloca, even
  bounded ones.  Still they were easy to fix, and removing the use of
  alloca, and variable length local arrays as well, seems like a good
  idea.

  So I am applying the attached patch.  It enables -Wstack-usage when
  -Werror is in effect.  The patch then removes all uses of alloca,
  mostly replacing them with calls to xmalloc instead.  In theory this
  might slow things down a bit, but I doubt if the effect will be
  noticeable.

  Tested on a whole host of different toolchain with no regressions.

Cheers
  Nick

bfd/ChangeLog
2016-03-21  Nick Clifton  <nickc@redhat.com>

	* warning.m4 (GCC_WARN_CFLAGS): Add -Wstack-usage=262144
	* configure: Regenerate.
	* elf32-m68hc1x.c (elf32_m68hc11_relocate_section): Replace use of
	alloca with call to xmalloc.
	* elf32-nds32.c: Likewise.
	* elf64-hppa.c: Likewise.
	* elfxx-mips.c: Likewise.
	* pef.c: Likewise.
	* pei-x86_64.c: Likewise.
	* som.c: Likewise.
	* xsym.c: Likewise.

binutils/ChangeLog
2016-03-21  Nick Clifton  <nickc@redhat.com>

	* dlltool.c: Replace use of alloca with call to xmalloc.
	* dllwrap.c: Likewise.
	* nlmconv.c: Likewise.
	* objdump.c: Likewise.
	* resrc.c: Likewise.
	* winduni.c: Likewise.
	* configure: Regenerate.

gas/ChangeLog
2016-03-21  Nick Clifton  <nickc@redhat.com>

	* atof-generic.c: Replace use of alloca with call to xmalloc.
	* cgen.c: Likewise.
	* dwarf2dbg.c: Likewise.
	* macro.c: Likewise.
	* remap.c: Likewise.
	* stabs.c: Likewise.
	* symbols.c: Likewise.
	* config/obj-elf.c: Likewise.
	* config/tc-aarch64.c: Likewise.
	* config/tc-arc.c: Likewise.
	* config/tc-arm.c: Likewise.
	* config/tc-avr.c: Likewise.
	* config/tc-ia64.c: Likewise.
	* config/tc-mips.c: Likewise.
	* config/tc-msp430.c: Likewise.
	* config/tc-nds32.c: Likewise.
	* config/tc-ppc.c: Likewise.
	* config/tc-sh.c: Likewise.
	* config/tc-tic30.c: Likewise.
	* config/tc-tic54x.c: Likewise.
	* config/tc-xstormy16.c: Likewise.
	* config/te-vms.c: Likewise.
	* configure: Regenerate.

ld/ChangeLog
2016-03-21  Nick Clifton  <nickc@redhat.com>

	* emultempl/msp430.em: Replace use of alloca with call to xmalloc.
	* plugin.c: Likewise.
	* pe-dll.c: Likewise.

Attachment: alloca.patch.xz
Description: application/xz

Follow-Ups:
- Re: Commit: Use of alloca considered dangerous
  - From: Paul_Koning

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]