Hacker News new | ask | show | jobs
by jasonhansel 1418 days ago
Doesn't a similar DoS risk (from allowing users to allocate arbitrarily large amounts of memory) also apply to the heap? You shouldn't be giving arbitrary user-supplied ints to malloc either.
1 comments
lelanthran 1418 days ago
> Doesn't a similar DoS risk (from allowing users to allocate arbitrarily large amounts of memory) also apply to the heap?

DoS Risk? No one cares too much about that - the problem with VLAs is stack smashing, which then allows aribtrary user-supplied code to be executed.

You cannot do that with malloc() and friends.

link
saagarjha 1417 days ago
VLAs don’t smash the stack.
link
pjmlp 1417 days ago
Depends on the number you put inside, and the linker settings for stack size.
link
saagarjha 1417 days ago
No.
link