A GCC -fstack-protector vulnerability on arm64

Posted Sep 14, 2023 9:48 UTC (Thu) by ibukanov (subscriber, #3942)
Parent article: A GCC -fstack-protector vulnerability on arm64

Ada already in 1981 had variable-sized arrays that not only could be allocated on the stack but also returned to the caller. Moreover, stack overflow errors were properly detected and reported as exceptions. Compilers typically implemented that using a second stack.

I always wondered why C cannot just use something similar? Instead the standard came up with a solution with no possibility to check for stack overflow making VLA unusable in practice.

A GCC -fstack-protector vulnerability on arm64

Posted Sep 14, 2023 13:02 UTC (Thu) by khim (subscriber, #9252) [Link]

> I always wondered why C cannot just use something similar?

The fact that you could do something doesn't mean that you should do something.

> Compilers typically implemented that using a second stack.

At this point it's just better to stop pretending that you are using stack and use heap where you know you are doing that and not have compiler hide these gotches for you.

> Ada already in 1981 had variable-sized arrays that not only could be allocated on the stack but also returned to the caller.

And back then it was the only sensible way to avoid use of heap. And since Ada was unable to use heap safely for decades it was valuable tool. But Ada eventually took ideas from Rust and now that's possible. At that point trying to pretend that you are using stack when you are using heap instead just stopped being good idea.