On 5/6/21 10:30 AM, Warner Losh wrote:
>
> But for the real answer, I need to contact the original authors of
> this part of the code (they are no longer involved day-to-day in
> the bsd-user efforts) to see if this scenario is possible or not. If
> it's easy to find out that way, we can either know this is safe to
> do, or if effort is needed to make it safe. At present, I've seen
> enough and chatted enough with others to be concerned that
> the change would break proper emulation.

Do we have a feel for the maximum amount of memory being used by the
various alloca() replaced in this series?  If so, can we just
stack-allocate an array of bytes of the maximum size needed?  Then we
avoid alloca() but also avoid the dynamic memory management that
malloc() would introduce.

Basically, it boils down to auditing why the alloca() is safe, and once
we know that, replacing the variable-sized precise alloca() with its
counterpart statically-sized array allocation, at the expense of some
wasted stack space when the runtime size does not use the full
compile-time maximum size.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
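The replacement Eric sketches, as an added example that is not part of the thread and not QEMU's bsd-user code: an exact-size alloca() beside the fixed-size stack array that replaces it, with the bound check that an audit has to justify. The call site, the audited maximum (MAX_NAME_LEN), the consume() stand-in and the sample inputs are all assumptions made for the illustration; the point is that the fixed array is only safe when the runtime size is checked against the compile-time maximum, and that the unused tail of the array is the "wasted stack" the mail mentions.

```c
/*
 * Added example: alloca() -> fixed-size stack array, as discussed above.
 * Not QEMU code.  MAX_NAME_LEN, consume() and the inputs are hypothetical.
 */
#include <alloca.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Compile-time maximum the audit established for this call site (assumed). */
#define MAX_NAME_LEN 255

/* Stand-in for the host call that the NUL-terminated copy is handed to. */
static size_t consume(const char *name)
{
    return strlen(name);
}

/*
 * "Before": exact-size alloca().  Stack use is len + 1 bytes, which is only
 * safe if every caller already bounds len; nothing in this function does.
 */
static int copy_name_alloca(const char *src, size_t len)
{
    char *buf = alloca(len + 1);

    memcpy(buf, src, len);
    buf[len] = '\0';
    return (int)consume(buf);
}

/*
 * "After": fixed-size stack array.  The frame size is a compile-time
 * constant, at the cost of MAX_NAME_LEN + 1 bytes even for a short name.
 * The bound check is what makes the replacement safe: without it a len
 * above the audited maximum would overflow buf, where alloca() would
 * merely have grown the stack.
 */
static int copy_name_fixed(const char *src, size_t len)
{
    char buf[MAX_NAME_LEN + 1];

    if (len > MAX_NAME_LEN) {
        return -ENAMETOOLONG;   /* refuse; never truncate silently */
    }
    memcpy(buf, src, len);
    buf[len] = '\0';
    return (int)consume(buf);
}

/* Bytes of the fixed array left unused for a given in-bound runtime size. */
static size_t wasted_stack(size_t len)
{
    return len > MAX_NAME_LEN ? 0 : MAX_NAME_LEN - len;
}

int main(void)
{
    /* Constructed inputs: one in-bound name, one past the audited maximum. */
    const char *short_name = "/tmp/guest.sock";
    char long_name[MAX_NAME_LEN + 64];

    memset(long_name, 'a', sizeof(long_name));
    printf("alloca:           %d\n", copy_name_alloca(short_name, strlen(short_name)));
    printf("fixed:            %d\n", copy_name_fixed(short_name, strlen(short_name)));
    printf("fixed (oversize): %d (expect %d)\n",
           copy_name_fixed(long_name, sizeof(long_name)), -ENAMETOOLONG);
    printf("wasted stack for short name: %zu bytes\n",
           wasted_stack(strlen(short_name)));
    return 0;
}
```

The check returns an error rather than clamping len, so a caller that passes more than the audited maximum fails loudly instead of handing a truncated name to the host; that is the behaviour to confirm for each converted call site, since an alloca() that was "safe" only because a particular caller bounded the size becomes unsafe the moment the bound is dropped from the array version.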