[PATCH 1/2] Revert "ash: use alloca to get rid of setjmp"

Xabier Oneca -- xOneca xoneca at gmail.com
Wed Jul 22 11:46:47 UTC 2015


Hello,

2015-07-22 5:19 GMT+02:00 Rich Felker <dalias at libc.org>:
> On Sun, Jul 19, 2015 at 11:07:13PM +0200, Denys Vlasenko wrote:
>> I would rather keep it.
>>
>> What is the "most horrible" thing which can happen here?
>
> Arbitrary code execution due to stack overflow. Does this really need
> a PoC? alloca is _always_ unsafe unless the argument is bounded and
> tiny.
>
> Rich

I've read alloca is not portable anyways...

I'm not an expert, but why not just use plain ol' malloc?

Cheers,

Xabier Oneca_,,_


More information about the busybox mailing list