Date: Sat, 30 Jan 2021 16:42:04 +0100
Corentin,
on Sat, 30 Jan 2021 16:27:26 +0100 you (Corentin via Liaison
<liaison_at_[hidden]>) wrote:
> It is probably a stupid question, but, do we not know that VLAs in C++
> could lead to additional security issues and vulnerabilities caused
> by hard to handle stack overflows?
This is often a "reason" put in front by people that are against
VLA. But that is not much different from recursion, which also may
lead to stack overflow, but where you don't find so much pesting
against.
(And modern techniques that watch your stack help for both problems.)
Then there is also the point that I try to make in my common C/C++
core specification that if you don't want VLA (the beasts that you
allocate on the stack) you still should consider what C calls VM
types (variably modified types). These are basically pointers to VLA
and other derivations, and they are extremely helpful for the
specification of function interfaces that can propagate array bounds.
Unfortunately, the C++ compiler that I know of that has partially
implemented VLA has got it entirely wrong. They allow VLA on the stack
(so they allow for all the possible stack explosion) but they don't
allow VM as function parameters (so they force the compiler to forget
array bounds when rewritten to a pointer).
Thanks
Jens
--
INRIA Nancy Grand Est ::: Camus ::::::: ICube/ICPS
office Strasbourg : +33 368854536
gsm France : +33 651400183
gsm international : +49 15737185122
http://icube-icps.unistra.fr/index.php/Jens_Gustedt
Received on 2021-01-30 09:42:11
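As an added illustration (not part of the message above), the following C program shows what a VM-typed function interface looks like: the bound `n` is declared before the array parameter, so the callee keeps the row stride and `sizeof` still knows the row size, while the matrix itself is allocated on the heap through a pointer to VLA rather than as a stack VLA. The function names are my own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* The bound n is declared before the array parameter, so `m` has the
   variably modified type "pointer to double[n]". The callee indexes
   m[i][j] with the right row stride instead of computing m[i*n + j]
   by hand on a bare double* that has forgotten the bound. */
static void set_identity(size_t n, double m[n][n]) {
    for (size_t i = 0; i < n; ++i)
        for (size_t j = 0; j < n; ++j)
            m[i][j] = (i == j) ? 1.0 : 0.0;
}

static double trace(size_t n, double m[n][n]) {
    double t = 0.0;
    for (size_t i = 0; i < n; ++i)
        t += m[i][i];
    return t;
}

/* A VM typedef carries its bound: sizeof(row) is n * sizeof(double),
   computed at run time, whereas sizeof a decayed double* is fixed. */
size_t vm_row_bytes(size_t n) {
    typedef double row[n];
    return sizeof(row);
}

/* The matrix lives on the heap behind a pointer to VLA, so nothing
   variable-sized is placed on the stack, yet the VM-typed interfaces
   above still see the bounds. Returns the trace, or -1.0 on failure. */
double identity_trace(size_t n) {
    if (n == 0 || n > SIZE_MAX / sizeof(double) / n)
        return -1.0;                 /* reject n*n*sizeof(double) overflow */
    double (*m)[n] = malloc(sizeof(double[n][n]));
    if (m == NULL)
        return -1.0;
    set_identity(n, m);
    double t = trace(n, m);
    free(m);
    return t;
}

int main(void) {
    printf("row bytes for n=4: %zu\n", vm_row_bytes(4));
    printf("trace of 5x5 identity: %g\n", identity_trace(5));
    return 0;
}
```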