LKML Archive on
 help / Atom feed
From: "Uecker, Martin" <>
To: "" <>
Cc: "" <>,
	"" <>,
	"" <>
Subject: Re: VLAs and security
Date: Tue, 4 Sep 2018 18:22:18 +0000
Message-ID: <> (raw)
In-Reply-To: <>

Am Dienstag, den 04.09.2018, 10:00 +0200 schrieb Dmitry Vyukov:
> On Tue, Sep 4, 2018 at 8:27 AM, Uecker, Martin
> <> wrote:
> > Am Montag, den 03.09.2018, 14:28 -0700 schrieb Linus Torvalds:

Hi Dmitry,

> Compiler and KASAN should still be able to do checking against the
> static array size.

...and it is probably true that this is currently more useful
than the limited amount of checking compilers can do for VLAs.

> If you mean that there is some smaller dynamic logical bound n (<N)
> and we are not supposed to use memory beyond that, 

Yes, this is what I mean. 

My concern is that this dynamic bound is valuable information
which was put there by programmers by hand and I believe that
this information can not always be recovered automatically
by static analysis. So by removing VLAs from the source tree,
this information ist lost.

> then KMSAN [1] can
> detect uses of the uninitialized part of the array. So we have some
> coverage on the checking side too.
> [1]

But detecting reads of uninitialized parts can detect only some
of the errors which could be detected with precise bounds.
It can not detect out-of-bounds writes (which still fall into
the larger fixed-size array) and it does not detect out-of-bounds
reads (which still fall into the larger fixed-size array) if
the larger fixed-size array was completely initialized
before for some reason.


  reply index

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-02  8:08 Uecker, Martin
2018-09-02 17:40 ` Kees Cook
2018-09-03  7:39   ` Uecker, Martin
2018-09-03 21:28     ` Linus Torvalds
2018-09-04  6:27       ` Uecker, Martin
2018-09-04  8:00         ` Dmitry Vyukov
2018-09-04 18:22           ` Uecker, Martin [this message]
2018-09-05  7:35             ` Dmitry Vyukov

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on

Archives are clonable:
	git clone --mirror lkml/git/0.git
	git clone --mirror lkml/git/1.git
	git clone --mirror lkml/git/2.git
	git clone --mirror lkml/git/3.git
	git clone --mirror lkml/git/4.git
	git clone --mirror lkml/git/5.git
	git clone --mirror lkml/git/6.git
	git clone --mirror lkml/git/7.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ \
	public-inbox-index lkml

Newsgroup available over NNTP:

AGPL code for this site: git clone public-inbox