Source-Changes-HG archive
[src/trunk]: src/lib/libc/stdlib explain a bit more what's wrong with alloca(3)
details: https://anonhg.NetBSD.org/src/rev/3fceed469e77
branches: trunk
changeset: 782271:3fceed469e77
user: christos <christos%NetBSD.org@localhost>
date: Wed Oct 24 22:25:49 2012 +0000
description:
explain a bit more what's wrong with alloca(3)
diffstat:
lib/libc/stdlib/alloca.3 | 37 +++++++++++++++++++++++++++----------
1 files changed, 27 insertions(+), 10 deletions(-)
diffs (80 lines):
diff -r cba092e8e257 -r 3fceed469e77 lib/libc/stdlib/alloca.3
--- a/lib/libc/stdlib/alloca.3 Wed Oct 24 22:10:52 2012 +0000
+++ b/lib/libc/stdlib/alloca.3 Wed Oct 24 22:25:49 2012 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: alloca.3,v 1.14 2011/03/21 04:42:50 jruoho Exp $
+.\" $NetBSD: alloca.3,v 1.15 2012/10/24 22:25:49 christos Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" from: @(#)alloca.3 8.1 (Berkeley) 6/4/93
.\"
-.Dd March 21, 2011
+.Dd October 24, 2012
.Dt ALLOCA 3
.Os
.Sh NAME
@@ -58,36 +58,53 @@
.Dv NULL
pointer is returned.
.Sh SEE ALSO
+.Xr cc 1 ,
.Xr brk 2 ,
.Xr calloc 3 ,
.Xr getpagesize 3 ,
.Xr malloc 3 ,
-.Xr realloc 3
+.Xr realloc 3 ,
+.Xr security 7
.Sh CAVEATS
Few limitations can be mentioned:
.Bl -bullet
.It
The
.Fn alloca
-function
-is machine dependent; its use is discouraged.
+function is not part of any C standard and its use is not portable.
+.It
+The
+.Fn alloca
+function should be supplied by the compiler because the compiler is allowed to
+make assumptions about the stack and frame pointers. The libc
+.Fn alloca
+implementation cannot account for those assumptions.
+While there is a
+machine dependent implementation of
+.Fn alloca
+in libc, its use is discouraged and in most cases it will not work.
+Using this implementation will produce linker warnings.
.It
The
.Fn alloca
-function is slightly unsafe because it cannot ensure that the pointer
+function is unsafe because it cannot ensure that the pointer
returned points to a valid and usable block of memory.
The allocation made may exceed the bounds of the stack, or even go
further into other objects in memory, and
.Fn alloca
cannot determine such an error.
-Avoid
+For that all
.Fn alloca
-with large unbounded allocations.
+allocations should be bounded and limited to a small size.
.It
Since
.Fn alloca
-modifies the stack at runtime,
-it causes problems to certain security features.
+modifies the stack at runtime and the stack usage of each function frame
+cannot be predicted, it makes many compiler security features
+(such as
+.Xr cc 1
+.Fl fstack-protector )
+useless for the calling function.
See
.Xr security 7
for a discussion.
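Review bot: In the third CAVEATS bullet, the added "For that all" before ".Fn alloca" does not parse; "For that reason, all" is what the sentence needs. In the second bullet, the line "make assumptions about the stack and frame pointers. The libc" begins a new sentence mid-line, while mdoc sources start each sentence on its own line so that sentence spacing renders correctly; the same bullet's "machine dependent" should be hyphenated. The unchanged lead-in "Few limitations can be mentioned:" now introduces a list that calls the function unsafe and says it makes -fstack-protector useless for the caller, so it is worth rewording to match that severity. The advice to keep allocations "bounded and limited to a small size" would also be more usable if it said what the bound should be measured against, for example the remaining stack or a fixed compile-time maximum.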