[pjmlp]

That is a CVE waiting to be exploited.

[uecker]

No.

[pjmlp]

It definitely is, given a nice combination of parameter values, stack sizes and careless programming.

[uecker]

It is not more unsafe than fixed-sized arrays on the stack and stack clash protection (which you need anyway) protects against this. Also if you compare with C++ and use std::vector, surprise, a CVE about to happen: https://godbolt.org/z/cTG71aTsf

(yes, one can activate library assertions, but still - by default - unsafe)