GNU bug report logs - #18410
Use SAFE_ALLOCA etc. to avoid unbounded stack allocation.


Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Fri, 5 Sep 2014 06:10:02 UTC

Severity: wishlist

Tags: patch

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.



Message #55 received at 18410 <at> debbugs.gnu.org (full text, mbox):

From: "Demetrios Obenour" <demetriobenour <at> gmail.com>
To: "'Paul Eggert'" <eggert <at> cs.ucla.edu>, "'Stefan Monnier'" <monnier <at> iro.umontreal.ca>
Cc: 18410 <at> debbugs.gnu.org
Subject: RE: bug#18410: Use SAFE_ALLOCA etc. to avoid unbounded stack allocation.
Date: Sun, 7 Sep 2014 23:17:30 -0400

This is crucial. Otherwise, a security vulnerability could result.

MAX_ALLOCA should not be larger than the page size for the target architecture.

Demetrios Obenour

-----Original Message-----
From: bug-gnu-emacs-bounces+demetriobenour=gmail.com <at> gnu.org [mailto:bug-gnu-emacs-bounces+demetriobenour=gmail.com <at> gnu.org] On Behalf Of Paul Eggert
Sent: Sunday, September 7, 2014 10:38 PM
To: Stefan Monnier
Cc: 18410 <at> debbugs.gnu.org
Subject: bug#18410: Use SAFE_ALLOCA etc. to avoid unbounded stack allocation.

Stefan Monnier wrote:
> MAX_ALLOCA is chosen small so that we can allocate several/many objects of size MAX_ALLOCA.

That's one reason, but another is that stack-overflow checking often relies on guard pages.  If we blindly increase MAX_ALLOCA (or some variant of it, just for call-process) Emacs could bypass stack-overflow checking, resulting in behavior that could be worse than simply dumping core.

If I understand things correctly, Dmitry's recent stack-overflow changes don't affect this, as they don't deal with the guard-page region size.
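The guard-page argument above is the whole reason a bound on alloca matters: stack-overflow detection works only if the frame actually touches the guard page on its way down, and a single allocation larger than the guard region steps over it. The following C program is an added example, not Emacs code and not anything posted in this thread. It puts an unbounded alloca beside a SAFE_ALLOCA-style wrapper that keeps small requests on the stack and sends anything above MAX_ALLOCA to the heap. The value MAX_ALLOCA = 4096 follows the "no larger than a page" rule argued above but is an assumption; the helper names (xmalloc, safe_fill_sum, path_is_heap), the struct safe_alloc bookkeeping and the checksum workload are likewise assumptions made for illustration and do not match the real Emacs macros in detail.

```c
#include <alloca.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed bound (illustrative): one page, per the thread's rule. */
#define MAX_ALLOCA 4096

/* Byte checksum shared by both paths so their results can be compared. */
static unsigned checksum(const unsigned char *p, size_t n)
{
    unsigned s = 0;
    for (size_t i = 0; i < n; i++)
        s += p[i];
    return s;
}

/* Unsafe pattern: a caller-controlled n goes straight to alloca.
   If n exceeds the guard region below the mapped stack, the stack
   pointer moves past the guard page without ever touching it, so the
   stores below land in whatever mapping lies beyond instead of faulting.
   main() only calls this with a small n. */
static unsigned unsafe_fill_sum(size_t n)
{
    unsigned char *buf = alloca(n);   /* no bound on frame growth */
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)i;
    return checksum(buf, n);
}

/* Assumed helper: malloc that aborts instead of returning NULL. */
static void *xmalloc(size_t n)
{
    void *p = malloc(n);
    if (!p) {
        perror("malloc");
        abort();
    }
    return p;
}

/* Hardened pattern. alloca must execute in the caller's own frame, so the
   decision lives in a macro; anything above MAX_ALLOCA goes to the heap and
   is released by SAFE_FREE. Note that n is evaluated twice. */
struct safe_alloc { void *heap; };
#define SAFE_ALLOCA_INIT { NULL }
#define SAFE_ALLOCA(sa, ptr, n)                     \
    do {                                            \
        if ((n) <= MAX_ALLOCA)                      \
            (ptr) = alloca(n);                      \
        else                                        \
            (ptr) = (sa).heap = xmalloc(n);         \
    } while (0)
#define SAFE_FREE(sa) do { free((sa).heap); (sa).heap = NULL; } while (0)

/* Fills n bytes with i & 0xff, checksums them and reports (if used_heap is
   non-NULL) whether the request was diverted to the heap. */
static unsigned safe_fill_sum(size_t n, bool *used_heap)
{
    struct safe_alloc sa = SAFE_ALLOCA_INIT;
    unsigned char *buf;
    SAFE_ALLOCA(sa, buf, n);
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)i;
    unsigned s = checksum(buf, n);
    if (used_heap)
        *used_heap = (sa.heap != NULL);
    SAFE_FREE(sa);
    return s;
}

/* True when a request of n bytes would take the heap path. */
static bool path_is_heap(size_t n)
{
    bool heap = false;
    (void)safe_fill_sum(n, &heap);
    return heap;
}

int main(void)
{
    size_t sizes[] = { 100, MAX_ALLOCA, MAX_ALLOCA + 1, (size_t)1 << 24 };
    for (size_t k = 0; k < sizeof sizes / sizeof sizes[0]; k++) {
        bool heap;
        unsigned s = safe_fill_sum(sizes[k], &heap);
        printf("n=%zu sum=%u path=%s\n", sizes[k], s, heap ? "heap" : "stack");
    }
    /* For small n both paths agree; only the unbounded one can walk past a guard page. */
    printf("unsafe n=100 sum=%u\n", unsafe_fill_sum(100));
    return 0;
}
```

The 16 MiB request in main() is the interesting one: it succeeds under the wrapper because it never touches the stack, whereas handing the same n to unsafe_fill_sum would move the stack pointer far below the guard page before the first store. Whether that store faults or silently corrupts another mapping depends on what happens to be mapped there, which is exactly the "worse than dumping core" outcome described above. Compilers that emit per-page stack probes (for example with -fstack-clash-protection) close this hole for the unsafe path too, but the wrapper does not depend on that.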


This bug report was last modified 10 years and 258 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.