On 08/04/2016 08:16 PM, Jeff Law wrote:
> On 08/04/2016 01:06 PM, Pedro Alves wrote:
>> How wedded are we to alloca?
> I would think only in the sense of existing codebase usage.
>
> Based on how often alloca usage has resulted in a security vulnerability
> it's clear we as developers can't use it correctly on a consistent
> basis, thus I'd like to abolish it :-) I'll settle for warning folks
> when they use it incorrectly though.

Most allocas I've seen in my life were written to simply build strings at run time, while lazily avoiding thinking about writing a "free" call, rather than having been written for optimizing some fast path, or for async-signal safe reasons.

My guess is that auto_vec<char, MAX_ALLOCA_SIZE> covers any fast-path-handling requirement in gcc.

(Where alloca is being used for async-signal safety reasons you can't have a malloc fallback anyway, so out of scope for the proposed protected_alloca too.)

Thanks,
Pedro Alves
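
The pattern discussed above (fixed inline storage with a heap fallback in place of alloca, so stack use stays bounded whatever length is requested) as an added example; it is not part of the original message and is not GCC's auto_vec. `inline_or_heap_buf`, `join_path` and the 64-byte `kInlineBytes` are hypothetical names chosen here, the last standing in for MAX_ALLOCA_SIZE.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>
#include <string>

// Hypothetical helper (not GCC's auto_vec): N bytes of inline storage,
// replaced by a heap block when the request does not fit. Unlike alloca,
// a large or hostile length can fail cleanly instead of overrunning the stack.
template <std::size_t N>
class inline_or_heap_buf {
public:
  explicit inline_or_heap_buf(std::size_t len)
      : ptr_(len <= N ? inline_ : static_cast<char *>(std::malloc(len))),
        len_(len) {
    if (!ptr_) throw std::bad_alloc();  // allocation failure is reported
  }
  ~inline_or_heap_buf() { if (on_heap()) std::free(ptr_); }  // no manual free
  inline_or_heap_buf(const inline_or_heap_buf &) = delete;
  inline_or_heap_buf &operator=(const inline_or_heap_buf &) = delete;

  char *data() { return ptr_; }
  std::size_t size() const { return len_; }
  bool on_heap() const { return ptr_ != inline_; }

private:
  char inline_[N];   // fast path: lives in the caller's frame
  char *ptr_;        // points at inline_ or at the malloc'd block
  std::size_t len_;
};

constexpr std::size_t kInlineBytes = 64;  // assumed stand-in for MAX_ALLOCA_SIZE

// The use case named in the message: build "<dir>/<name>" at run time.
// The std::string return is only so the result can be checked by a caller;
// *used_heap reports which storage the temporary buffer took.
std::string join_path(const char *dir, const char *name, bool *used_heap) {
  std::size_t dlen = std::strlen(dir), nlen = std::strlen(name);
  inline_or_heap_buf<kInlineBytes> buf(dlen + 1 + nlen + 1);
  std::memcpy(buf.data(), dir, dlen);
  buf.data()[dlen] = '/';
  std::memcpy(buf.data() + dlen + 1, name, nlen + 1);  // copies the NUL too
  if (used_heap) *used_heap = buf.on_heap();
  return std::string(buf.data());
}
```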