This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Policy: alloca vs. malloc?


On 06/08/2012 02:26 PM, Jeff Law wrote:

> On 06/08/2012 03:40 AM, Pedro Alves wrote:
>> On 06/07/2012 06:29 PM, Carlos O'Donell wrote:
>>
>>>   * When growing a buffer, either on the stack or on the heap, watch out for integer overflow when calculating the new size. Such overflow should be treated as allocation failure than letting the integer wrap around.
>>>
>>>   * If the size of the buffer is directly or indirectly under user control, consider imposing a maximum to help make denial-of-service attacks more difficult.
>>
>>
>> These appear to not really be "alloca vs malloc" material, but general guides that'd
>> better fit a different section.
> True, but an integer overflow feeding alloca can be turned into an exploit relatively easily, as can an allocation where the size of the buffer is directly or indirectly under user control.


Note the sentence says "either on the stack or on the heap".

> I think they're important enough to mention in the alloca section given the numerous problems this kind of stuff has led to.


This is not a "how to use alloca" section, but a "choose alloca or malloc?" policy
section.  Those two points don't weigh on that decision.
You first decide which mechanism to use based on the other points, and then there's the
question of using the mechanism properly, but that is a separate question.
The advice quoted above could be put in an "on alloca" or "on memory allocation"
or "on memory management and security" section just below, or some such, which could
even mention more things.

Just IMO anyway.

-- 
Pedro Alves
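The two points Carlos lists (treat overflow in the size computation as an allocation failure, and cap a size that is under user control) in working form. This is an added example, not code from this thread or from glibc; the 64 MiB cap is a constructed placeholder value.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical upper bound for a buffer whose size is (indirectly) under
   user control.  The value is constructed for this example. */
#define GROW_MAX_BYTES ((size_t) 64 * 1024 * 1024)

/* Compute count * elem_size without letting it wrap.  On overflow, or when
   the result exceeds the cap, report failure exactly as a failed allocation
   would: false return, errno set, *out untouched. */
static bool
checked_size (size_t count, size_t elem_size, size_t *out)
{
  if (elem_size != 0 && count > SIZE_MAX / elem_size)
    {
      errno = EOVERFLOW;          /* the multiplication would wrap */
      return false;
    }
  size_t bytes = count * elem_size;
  if (bytes > GROW_MAX_BYTES)
    {
      errno = ENOMEM;             /* over the imposed maximum */
      return false;
    }
  *out = bytes;
  return true;
}

/* Doubling step used when growing a buffer: refuse rather than wrap. */
static bool
double_count (size_t count, size_t *out)
{
  if (count > SIZE_MAX / 2)
    {
      errno = EOVERFLOW;
      return false;
    }
  *out = count == 0 ? 1 : count * 2;
  return true;
}

/* Grow a heap buffer to hold new_count elements.  On overflow or cap the
   old buffer is left intact and NULL is returned, as for a failed realloc. */
static void *
grow_buffer (void *old, size_t new_count, size_t elem_size)
{
  size_t bytes;
  if (!checked_size (new_count, elem_size, &bytes))
    return NULL;
  return realloc (old, bytes);
}
```

The same checks apply before an alloca, where a wrapped size would silently move the stack pointer by the wrong amount.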

