On Fri, Mar 25, 2022 at 10:00 AM Paul Eggert <egg...@cs.ucla.edu> wrote:
> > ...
> > he possible
> > security issue is that this size variable can be manipulated
> > to enable mis-use via a stack overflow
> That issue shouldn't happen here; i.e., the diagnostic is a false alarm.

I believe the security issue is similar to alloca - a silent failure that could lead to a wild write. A second concern is uninitialized data. Most people complain about the performance hit when using a VLA, however.

I thought Gnulib had a fixed size/growable buffer. Maybe it can be used instead.

Jeff
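
The fixed size/growable buffer idea from the message above, written out in C as an added example; it is not code from the thread and not Gnulib's API. The names `small_buf`, `small_buf_reserve` and `demo` and the 256-byte inline size are assumptions made for illustration. Unlike a VLA, the stack part has a compile-time bound, a size that cannot be served is reported to the caller, and the bytes handed out are zeroed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct small_buf {           /* hypothetical type, not Gnulib's */
    void *data;              /* inline_space, or heap memory once grown */
    size_t size;             /* usable bytes at data */
    char inline_space[256];  /* stack part, bounded at compile time */
};

static void small_buf_init(struct small_buf *b)
{
    b->data = b->inline_space;
    b->size = sizeof b->inline_space;
}

static void small_buf_free(struct small_buf *b)
{
    if (b->data != b->inline_space)
        free(b->data);
    small_buf_init(b);
}

/* Get nmemb * elem zeroed bytes; -1 on overflow or allocation failure. */
static int small_buf_reserve(struct small_buf *b, size_t nmemb, size_t elem)
{
    if (elem != 0 && nmemb > SIZE_MAX / elem)
        return -1;                 /* nmemb * elem would wrap */
    size_t need = nmemb * elem;
    if (need > b->size) {
        void *p = malloc(need);
        if (p == NULL)
            return -1;             /* failure is visible; buffer unchanged */
        small_buf_free(b);
        b->data = p;
        b->size = need;
    }
    memset(b->data, 0, need);      /* no uninitialized bytes handed out */
    return 0;
}

static int demo(size_t nmemb)      /* nmemb stands in for an untrusted size */
{
    struct small_buf b;
    small_buf_init(&b);
    int rc = small_buf_reserve(&b, nmemb, sizeof(int));
    small_buf_free(&b);
    return rc;
}

int main(void) { return demo(100000) != 0; }
```
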