[PATCH 1/2] Revert "ash: use alloca to get rid of setjmp"
Xabier Oneca -- xOneca
xoneca at gmail.com
Wed Jul 22 11:46:47 UTC 2015
Hello,
2015-07-22 5:19 GMT+02:00 Rich Felker <dalias at libc.org>:
> On Sun, Jul 19, 2015 at 11:07:13PM +0200, Denys Vlasenko wrote:
>> I would rather keep it.
>>
>> What is the "most horrible" thing which can happen here?
>
> Arbitrary code execution due to stack overflow. Does this really need
> a PoC? alloca is _always_ unsafe unless the argument is bounded and
> tiny.
>
> Rich
I've read alloca is not portable anyways...
I'm not an expert, but why not just use plain ol' malloc?
Cheers,
Xabier Oneca_,,_
More information about the busybox
mailing list