Merge branch '2363-alloca-docs' into 'master'

galloca: Clarify alloca() sizes must always be controlled by the program Closes #2363 See merge request GNOME/glib!2014
2024-11-11 11:56:16 +01:00 · 2021-03-25 17:27:23 +00:00 · 2021-03-25 17:27:23 +00:00 · 760ba5c4f1
commit 760ba5c4f1
parent 55cbc31517 b657e78add
1 changed files with 11 additions and 0 deletions
--- a/glib/galloca.h
+++ b/glib/galloca.h
@ -81,6 +81,11 @@ G_END_DECLS
 *   way as out of stack space situations from infinite function recursion, i.e.
 *   with a segmentation fault.
 *
+ * - Allowing @size to be specified by an untrusted party would allow for them
+ *   to trigger a segmentation fault by specifying a large size, leading to a
+ *   denial of service vulnerability. @size must always be entirely under the
+ *   control of the program.
+ *
 * - Special care has to be taken when mixing alloca() with GNU C variable sized arrays.
 *   Stack space allocated with alloca() in the same scope as a variable sized array
 *   will be freed together with the variable sized array upon exit of that scope, and
@ -96,6 +101,12 @@ G_END_DECLS
 * 
 * Wraps g_alloca() in a more typesafe manner.
 * 
+ * As mentioned in the documentation for g_alloca(), @n_structs must always be
+ * entirely under the control of the program, or you may introduce a denial of
+ * service vulnerability. In addition, the multiplication of @struct_type by
+ * @n_structs is not checked, so an overflow may lead to a remote code execution
+ * vulnerability.
+ *
 * Returns: Pointer to stack space for @n_structs chunks of type @struct_type
 */
 #define g_newa(struct_type, n_structs)	((struct_type*) g_alloca (sizeof (struct_type) * (gsize) (n_structs)))