This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Policy: alloca vs. malloc?
- From: Pedro Alves <palves at redhat dot com>
- To: "Carlos O'Donell" <carlos_odonell at mentor dot com>
- Cc: libc-alpha <libc-alpha at sourceware dot org>, Roland McGrath <roland at hack dot frob dot com>
- Date: Fri, 08 Jun 2012 10:40:30 +0100
- Subject: Re: Policy: alloca vs. malloc?
- References: <4FD0E4DC.1000105@mentor.com>
On 06/07/2012 06:29 PM, Carlos O'Donell wrote:
> * When growing a buffer, either on the stack or on the heap, watch out for integer overflow when calculating the new size. Such overflow should be treated as allocation failure than letting the integer wrap around.
>
> * If the size of the buffer is directly or indirectly under user control, consider imposing a maximum to help make denial-of-service attacks more difficult.
These appear to not really be "alloca vs malloc" material, but general guides that'd
better fit a different section.
--
Pedro Alves