On 1/20/19 4:36 PM, Bruno Haible wrote:
> Pádraig Brady wrote:
>> I've not analyzed the security concerns in detail, but in general
>> large allocations on the stack are bad for security
> 
> Indeed. Just reading this CVE [1] from a week ago, makes me want to
> disable all large allocations on the stack.

Yes please. Any chance to remove it from gettext.h?

#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS
  char msg_ctxt_id[msgctxt_len + msgid_len];
#else

> 
> Bruno
> 
> [1] https://www.openwall.com/lists/oss-security/2019/01/09/3

Regards, Tim
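
An added example, not part of the original message and not gettext.h's own code: one way to build the combined context/id key without a variable-size array, using a fixed on-stack buffer and falling back to the heap for long inputs. The names `join_ctxt_id`, `demo_key` and `CTXT_STACK_MAX`, the 1024-byte cap and the `\004` separator byte are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CTXT_STACK_MAX 1024   /* assumed cap for the fixed on-stack buffer */
#define CTXT_GLUE '\004'      /* separator byte between context and id (assumed) */

/* Build "msgctxt<GLUE>msgid\0". Uses the caller's fixed buffer when the result
   fits, otherwise the heap. Returns NULL on size overflow or failed malloc;
   *on_heap tells the caller whether the result must be freed. */
char *
join_ctxt_id (const char *msgctxt, const char *msgid,
              char *fixed, size_t fixed_size, int *on_heap)
{
  size_t msgctxt_len = strlen (msgctxt) + 1;   /* includes room for GLUE */
  size_t msgid_len = strlen (msgid) + 1;       /* includes the final NUL */
  char *out = fixed;

  *on_heap = 0;
  if (msgctxt_len > SIZE_MAX - msgid_len)
    return NULL;                               /* length sum would wrap */
  if (msgctxt_len + msgid_len > fixed_size)
    {
      out = malloc (msgctxt_len + msgid_len);  /* failure is detectable here */
      if (out == NULL)
        return NULL;
      *on_heap = 1;
    }
  memcpy (out, msgctxt, msgctxt_len - 1);
  out[msgctxt_len - 1] = CTXT_GLUE;
  memcpy (out + msgctxt_len, msgid, msgid_len);
  return out;
}

/* Returns 1 if the key was built as expected, 0 otherwise. */
int
demo_key (const char *msgctxt, const char *msgid, int *used_heap)
{
  char fixed[CTXT_STACK_MAX];   /* stack use is constant, whatever the input */
  char *key = join_ctxt_id (msgctxt, msgid, fixed, sizeof fixed, used_heap);
  int ok;
  if (key == NULL)
    return 0;
  ok = strlen (key) == strlen (msgctxt) + 1 + strlen (msgid)
       && key[strlen (msgctxt)] == CTXT_GLUE;
  if (*used_heap)
    free (key);
  return ok;
}
```

Unlike the variable-size array, an oversized request here ends in a `NULL` return the caller can handle rather than an unchecked move of the stack pointer.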