On 24 Oct 16:35, Jakub Jelinek wrote:
> On Thu, Oct 23, 2014 at 07:41:12PM +0400, Ilya Verbin wrote:
> > > malloc can fail, SIGSEGV in response to that is not desirable.
> > > Can't you fall back to alloca, or use just alloca, or use alloca
> > > with malloc fallback?
> >
> > I replaced it with alloca.
>
> There is a risk if a suid or otherwise privilege escalated program
> uses it and attacker passes huge env vars.
> Perhaps use alloca if it is <= 2KB and malloc otherwise, and in that case
> if malloc fails, just do a fatal error?

Why is this more preferable than just a malloc + fatal error?
This function is executed only once at plugin initialization, therefore no real
performance gain could be achieved.

Thanks,
  -- Ilya
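
The pattern suggested in the quoted reply (alloca up to 2KB, malloc above that, fatal error if malloc fails), as an added example that is not part of this thread or of the patch under discussion. `count_entries`, `make_value`, `STACK_COPY_MAX` and the ':'-separated input format are hypothetical.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_COPY_MAX 2048 /* the 2KB threshold suggested in the thread */

/* Hypothetical helper: count non-empty ':'-separated entries in an
   attacker-influenced string (e.g. an environment variable value). It
   splits a scratch copy in place; where that copy lives is the issue. */
static size_t count_entries(const char *value, int *used_heap)
{
    size_t len = strlen(value) + 1, n = 0;
    int on_heap = len > STACK_COPY_MAX;
    /* Stack use is bounded by STACK_COPY_MAX whatever the input length. */
    char *copy = on_heap ? malloc(len) : alloca(len);

    if (copy == NULL) { /* malloc failed: fatal error, not a SIGSEGV */
        fprintf(stderr, "fatal: cannot allocate %zu bytes\n", len);
        exit(EXIT_FAILURE);
    }
    memcpy(copy, value, len);
    for (char *p = copy, *start = copy; p < copy + len; p++) {
        if (*p == ':' || *p == '\0') {
            *p = '\0';
            n += (p > start); /* skip empty entries */
            start = p + 1;
        }
    }
    if (on_heap)
        free(copy);
    if (used_heap)
        *used_heap = on_heap;
    return n;
}

/* Constructed sample input: `total` bytes of "aaa:" repeated. */
char *make_value(size_t total)
{
    char *v = malloc(total + 1);
    if (v == NULL)
        exit(EXIT_FAILURE);
    for (size_t i = 0; i < total; i++)
        v[i] = "aaa:"[i % 4];
    v[total] = '\0';
    return v;
}

int main(void) { printf("%zu\n", count_entries("a:b::c", NULL)); return 0; }
```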