by pilif 3514 days ago
IMHO you're converting your heap buffer overflows into stack buffer overflows which are even easier to exploit.
4 comments

Stack usage is also much, much, much easier to characterize. In systems where stack depth is well-controlled (i.e. most embedded systems that don't have dynamic process/thread creation), very simple analysis will suffice to identify places where you blow your stack.
Not using the heap != everything is allocated on the stack. In situations where you want to avoid dynamic allocation, memory for most things that would otherwise have been dynamically allocated ends up being statically allocated at compile time.
Absolutely none of this is immune to buffer overflows.
No, but you're a lot more likely to be able to overwrite the return address via a stack-based buffer overflow, and that is generally a much more serious kind of attack.
Exploiting systems without dynamic memory is pretty meh... that's some NSA-level Stuxnet bespoke shit.

But no, judging from the code, you just give it one big fat I/O buffer that will usually come from .bss

It depends: does malloc have some form of hardening? Does the compiler insert stack canaries?
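As an added example (not code from anyone in this thread), here is the kind of statically allocated I/O buffer the comments above describe, with a bounds-checked append and an explicit guard word, since compiler stack canaries cover stack frames but not a .bss buffer. The capacity, guard value and sample frame are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_BUF_SIZE 64          /* constructed capacity for the example */
#define GUARD_WORD  0xDEADBEEFu /* constructed guard value */

/* Statically allocated and zero-initialised, so the linker places it in .bss.
 * Compiler stack canaries protect stack frames only; the guard word after
 * data[] is an explicit check that a linear overrun past the buffer trips. */
static struct {
    uint8_t  data[IO_BUF_SIZE];
    uint32_t guard;
    size_t   used;
} io_buf;

/* Constructed sample input standing in for one received frame. */
#define SAMPLE_LEN 40
static const uint8_t sample_frame[SAMPLE_LEN] = { 0x01, 0x02, 0x03 };

void io_buf_init(void) {
    memset(io_buf.data, 0, sizeof io_buf.data);
    io_buf.guard = GUARD_WORD;
    io_buf.used  = 0;
}

/* Bounds-checked append: returns 0 on success, -1 if len would not fit.
 * The comparison is against remaining space, so it cannot wrap on a huge len. */
int io_buf_append(const uint8_t *src, size_t len) {
    if (len > IO_BUF_SIZE - io_buf.used)
        return -1;
    memcpy(io_buf.data + io_buf.used, src, len);
    io_buf.used += len;
    return 0;
}

size_t io_buf_used(void) { return io_buf.used; }

/* 1 if the guard word is intact, 0 if something wrote past data[]. */
int io_buf_guard_ok(void) { return io_buf.guard == GUARD_WORD; }

int main(void) {
    io_buf_init();
    printf("first append:  %d\n", io_buf_append(sample_frame, SAMPLE_LEN)); /* 0 */
    printf("second append: %d\n", io_buf_append(sample_frame, SAMPLE_LEN)); /* -1: 80 > 64 */
    printf("used=%zu guard_ok=%d\n", io_buf_used(), io_buf_guard_ok());    /* 40, 1 */
    return 0;
}
```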