This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] [PATCH] Off-by-one in cpu_gdt_init

On Mon, 2005-06-06 at 17:14 +0100, David Hopwood wrote:
> George Washington Dunlap III wrote:
> >  void __init cpu_gdt_init(struct Xgt_desc_struct *gdt_descr)
> >  {
> > -   unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
> > +   unsigned long frames[(gdt_descr->size >> PAGE_SHIFT)+1];
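Review bot: the `+1` in the new `frames` declaration allocates one entry more than needed whenever `gdt_descr->size` is an exact multiple of the page size. If `size` is a byte count, `(gdt_descr->size + PAGE_SIZE - 1) >> PAGE_SHIFT` gives the exact page count. The array is also still sized at run time from `gdt_descr->size`, with no bound visible in this hunk, so a constant maximum frame count plus a check on `size` before use would keep stack usage fixed.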
> Variable-length arrays? Never use variable-length arrays in code that needs
> to be robust: you can't guarantee that the stack won't overflow. If it does,
> there is no way to detect that situation (unlike malloc et al where you can
> check for NULL), you just get undefined behaviour.

Yes, and no.

It's pretty normal not to check malloc returns in init code: if it fails
what could be more informative than an OOPS?  You're in deep trouble

The real reason for not putting variable length things on the stack is
that stack space is limited.  If you know there's a reasonable upper
bound, just use that in the array size.  If not, don't use the stack.

A bad analogy is like a leaky screwdriver -- Richard Braakman
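
The fixed-upper-bound approach suggested in the reply above, as an added example that is not part of the original thread or of the Xen/Linux code. All `EX_`/`ex_` names are hypothetical, the base address is assumed page aligned, and the bound comes from the 16-bit x86 GDTR limit field (a GDT is at most 64 KiB, i.e. 16 pages of 4 KiB).

```c
#include <stddef.h>
#include <stdio.h>

/* All EX_/ex_ names are hypothetical, for illustration only. */
#define EX_PAGE_SHIFT     12
#define EX_PAGE_SIZE      (1UL << EX_PAGE_SHIFT)
/* The x86 GDTR limit is 16 bits, so a GDT never exceeds 64 KiB. */
#define EX_MAX_GDT_BYTES  (1UL << 16)
#define EX_MAX_GDT_FRAMES (EX_MAX_GDT_BYTES >> EX_PAGE_SHIFT)   /* 16 */

/* Pages needed to cover `bytes`, rounding a partial page up. */
static size_t ex_frames_needed(unsigned long bytes)
{
    return (bytes + EX_PAGE_SIZE - 1) >> EX_PAGE_SHIFT;
}

/*
 * Fill frames[] with the page frame numbers covering [base, base + bytes).
 * Assumes base is page aligned. Returns the number of frames written,
 * or -1 if the table is larger than the compile-time bound.
 */
static int ex_gdt_frames(unsigned long base, unsigned long bytes,
                         unsigned long frames[EX_MAX_GDT_FRAMES])
{
    size_t i, n;

    if (bytes > EX_MAX_GDT_BYTES)   /* reject before any arithmetic on bytes */
        return -1;
    n = ex_frames_needed(bytes);
    for (i = 0; i < n; i++)
        frames[i] = (base >> EX_PAGE_SHIFT) + i;
    return (int)n;
}

int main(void)
{
    /* Fixed size known at compile time: 16 entries, no VLA. */
    unsigned long frames[EX_MAX_GDT_FRAMES];
    int n = ex_gdt_frames(0x10000UL, 4097, frames);   /* constructed input */

    printf("%d frames\n", n);
    return n == 2 ? 0 : 1;
}
```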
