From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS22989 209.51.188.0/24
X-Spam-Status: No, score=-3.8 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id 2079C1F453
	for <normalperson@yhbt.net>; Sun, 20 Jan 2019 15:36:51 +0000 (UTC)
Received: from localhost ([127.0.0.1]:41180 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>)
	id 1glF9U-00005W-5J
	for normalperson@yhbt.net; Sun, 20 Jan 2019 10:36:48 -0500
Received: from eggs.gnu.org ([209.51.188.92]:39905)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bruno@clisp.org>) id 1glF9Q-00005P-JB
	for bug-gnulib@gnu.org; Sun, 20 Jan 2019 10:36:45 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bruno@clisp.org>) id 1glF9P-0004ZB-50
	for bug-gnulib@gnu.org; Sun, 20 Jan 2019 10:36:44 -0500
Received: from mo6-p00-ob.smtp.rzone.de ([2a01:238:20a:202:5300::6]:31009)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <bruno@clisp.org>) id 1glF9M-0004SJ-DW
	for bug-gnulib@gnu.org; Sun, 20 Jan 2019 10:36:42 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1547998592;
	s=strato-dkim-0002; d=clisp.org;
	h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:
	X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
	bh=7715izYOAya+5XRXnqLQoXmHZTQV+i+aDLiQ2Ik0deg=;
	b=WT1e2oh5Uh1khpWgu6Xrg2o+vIN4tqTHaYU1eTUtbOkNfH96UZ/K2THbs+mk6i/EM7
	DnU24goh4CPoGkVNArf0jUb14qTCcEs5SHqAQ3t4RXwdlExZDYjTEHVV4sEWdRI8aCjy
	8hFIxc0yG8hVppODdC24TFUqDQL8/pyGSWMXhFXnG/QSls5QusLf+0e8XVEJNQJutAgc
	roXYQBRzS8qo9SpYWtLkTjrvk88Yl4SM1V8QF7B+wylGxVXGH0Cnw8BF0K4lrTZFj7TP
	jegtGLjz6pUTe2Z03QmkOvR+0nd84zMYvOX7rD0r7+XXmYM01ivoPLThDV79dXcDX9Ae
	EIug==
X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH+AHjwLuWOGKf2y/s="
X-RZG-CLASS-ID: mo00
Received: from bruno.haible.de by smtp.strato.de (RZmta 44.9 DYNA|AUTH)
	with ESMTPSA id v0a34ev0KFaUHrr
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (curve secp521r1 with 521
	ECDH bits, eq. 15360 bits RSA))
	(Client did not present a certificate);
	Sun, 20 Jan 2019 16:36:30 +0100 (CET)
From: Bruno Haible <bruno@clisp.org>
To: =?ISO-8859-1?Q?P=E1draig?= Brady <P@draigbrady.com>
Subject: Re: VLA and alloca
Date: Sun, 20 Jan 2019 16:36:29 +0100
Message-ID: <4425313.A21oZ5zyQ0@omega>
User-Agent: KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; )
In-Reply-To: <2f26e4a4-c899-686c-473c-2c7773fff14b@draigBrady.com>
References: <CAGwX767VCHb1rbCYWK-td+bgyWvpxV35=S+HLub30oo-7HBXNA@mail.gmail.com>
	<2625370.QrXcNNoFVb@omega>
	<2f26e4a4-c899-686c-473c-2c7773fff14b@draigBrady.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2a01:238:20a:202:5300::6
X-BeenThere: bug-gnulib@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Gnulib discussion list <bug-gnulib.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnulib>,
	<mailto:bug-gnulib-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnulib/>
List-Post: <mailto:bug-gnulib@gnu.org>
List-Help: <mailto:bug-gnulib-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnulib>,
	<mailto:bug-gnulib-request@gnu.org?subject=subscribe>
Cc: James Youngman <james@youngman.org>,
	Bernhard Voelker <mail@bernhard-voelker.de>, bug-gnulib@gnu.org
Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org
Sender: "bug-gnulib" <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>

P=E1draig Brady wrote:
> I've not analyzed the security concerns in detail, but in general
> large allocations on the stack are bad for security

Indeed. Just reading this CVE [1] from a week ago, makes me want to
disable all large allocations on the stack.

Bruno

[1] https://www.openwall.com/lists/oss-security/2019/01/09/3