Hi Mans,

On Wed, Mar 13, 2013 at 3:29 AM, Måns Rullgård <m...@mansr.com> wrote:
> Tom Rini <tom.r...@gmail.com> writes:
>
>> On Tue, Mar 12, 2013 at 7:22 PM, Simon Glass <s...@google.com> wrote:
>>> Hi,
>>>
>>> Given that we seem to allow C99 features in U-Boot I wonder if it
>>> would be OK to use dynamic arrays in SPL?
>>>
>>> I am trying to replace:
>>>
>>> ptr = malloc(size);
>>>
>>> with:
>>>
>>> char ptr[size];
>>>
>>> to avoid use of malloc in SPL. Can I assume that is permitted?
>>
>> Without knowing the underlying mechanics of how that works, "maybe".
>
> How it works depends on the compiler.  Some compilers implement it by
> calling malloc().  GCC uses the stack.
>
> Regardless of how they are implemented, variable-length arrays should,
> in my opinion, never be used.  There is simply no way they can be used
> safely since no mechanism for detecting failure is provided.  If the
> requested size is too large, you will silently overflow the stack or end
> up with an invalid/null pointer.  In an environment without full memory
> protection, errors resulting from this are very hard to track down.

I suppose we could check the available stack space. However, I don't
really see a clear stack bottom in U-Boot - I think it is set up to
grow downwards as much as needed. I can certainly add sanity checks on
the input values.

>
> If the size is somehow limited to a safe value, it is more efficient to
> simply allocate this maximum size statically.

Yes, although this does waste BSS.

Regards,
Simon

>
> --
> Måns Rullgård
> m...@mansr.com
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
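As an added illustration (not code from this thread or from U-Boot), here are the two choices discussed above side by side: the VLA guarded by the input sanity check Simon mentions, and the static maximum-size buffer Måns suggests. MAX_BLOCK_SIZE, the function names and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed upper bound on the block an SPL caller may hand us (placeholder). */
#define MAX_BLOCK_SIZE 512

/* Constructed sample input: 16 bytes holding the values 0..15. */
static const uint8_t sample_block[16] = {
	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* Shared work: sum the bytes of the copy so both variants do the same thing. */
static int sum_bytes(const uint8_t *buf, size_t size)
{
	int sum = 0;
	size_t i;

	for (i = 0; i < size; i++)
		sum += buf[i];
	return sum;
}

/*
 * Variant 1: VLA on the stack, as in the original question. The bound check
 * must come first: once "uint8_t buf[size]" executes there is no error path,
 * and an oversized size silently overflows the stack.
 */
int sum_block_vla(const uint8_t *src, size_t size)
{
	if (!src || size == 0 || size > MAX_BLOCK_SIZE)
		return -1;	/* reject before the array is created */

	uint8_t buf[size];	/* bounded, so the stack cost is known */

	memcpy(buf, src, size);
	return sum_bytes(buf, size);
}

/*
 * Variant 2: fixed maximum-size buffer in BSS, as suggested in the thread.
 * Same check, but the buffer size is fixed at build time, so stack usage
 * never depends on the input (at the cost of MAX_BLOCK_SIZE bytes of BSS).
 */
int sum_block_static(const uint8_t *src, size_t size)
{
	static uint8_t buf[MAX_BLOCK_SIZE];

	if (!src || size == 0 || size > MAX_BLOCK_SIZE)
		return -1;
	memcpy(buf, src, size);
	return sum_bytes(buf, size);
}
```

Building with GCC's -Wvla warns on every variable-length array, which makes it easy to enforce the static variant across an SPL tree.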
