[fc417fc802]

Stack overflow should not be a vulnerability for any modern tool chain. As to resource limits, LLVM has supported segmented stacks for something like a decade or maybe longer. Recursion is absolutely not the problem here. Outdated programming practices are.

[BradSwain]

> Outdated programming practices are.

What is the outdated programming practice at fault here?

[fc417fc802]

In the general case? The failure to compile with -fsplit-stack when that's necessary for whatever your requirements are. The failure to enable the stack protector when ... pretty much always.

For this particular CVE? I'm not clear. Possibly none. The writeup didn't provide sufficient detail and I haven't bothered to wade through the code. There may well be a reason recursion won't work here but it certainly isn't general.

I'd be curious to know in this case why resource limits couldn't be enforced for the recursive implementation but could be for the iterative one.