Y
Hacker News
new
|
ask
|
show
|
jobs
by
slrz
2437 days ago
As long as the allocation size is bounded (due to alloca/VLAs lacking any mechanism to signal allocation failure), what's the problem with that?
1 comments
kevin_thibedeau
2437 days ago
The problem is that 1) you can't assume what the available stack space is and 2) you don't let tainted user input determine allocation sizes which is what Systemd did in the CVE disclosed earlier this year.
link