[gnutls-devel] GnuTLS | Reconsidering use of VLAs and alloca() (#684)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jan 25 10:47:08 CET 2019


- alloca() is used in the guile/src/core.c. The code around there looks very suspicious to me, it might need a review. E.g. it assumes that scm_to_locale_stringbuf() does not alter the byte-length of the input when it does charset transcoding. If that is the case, the output may be truncated and wouldn't work as credentials any more.

- guarded VLA is ok as far as the limit isn't too high. But it needs manual checks when introducing new code. Just saying, that one is playing with fire when using VLAs. In your example, what are you going to do if n >= 128 ? Fallback to calloc() or throw an error ? I suggest to only use VLAs (if at all) when it comes to performance optimization. There is no urgent need, but in the long term...

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/684#note_134831843
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190125/974f4f6d/attachment.html>


More information about the Gnutls-devel mailing list