xen-devel
Re: [Xen-devel] [PATCH] Off-by-one in cpu_gdt_init
On Mon, 2005-06-06 at 17:14 +0100, David Hopwood wrote:
> George Washington Dunlap III wrote:
> >  void __init cpu_gdt_init(struct Xgt_desc_struct *gdt_descr)
> >  {
> > -   unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
> > +   unsigned long frames[(gdt_descr->size >> PAGE_SHIFT)+1];
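Review bot: The length of `frames` is still computed from `gdt_descr->size` at run time on the changed line, so it remains a variable-length array on the stack of `cpu_gdt_init` with no upper bound visible in the hunk; consider declaring it with a compile-time maximum and checking `(gdt_descr->size >> PAGE_SHIFT)+1` against that maximum before filling it. The `+1` is the right count only if `size` holds a limit (offset of the last valid byte) rather than a byte count, which the hunk does not show; for a byte count that is an exact multiple of the page size it yields one entry more than needed, so a short comment stating which meaning applies would make the rounding verifiable.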
> 
> Variable-length arrays? Never use variable-length arrays in code that needs
> to be robust: you can't guarantee that the stack won't overflow. If it does,
> there is no way to detect that situation (unlike malloc et al where you can
> check for NULL), you just get undefined behaviour.
Yes, and no.

It's pretty normal not to check malloc returns in init code: if it fails
what could be more informative than an OOPS?  You're in deep trouble
already.

The real reason for not putting variable length things on the stack is
that stack space is limited.  If you know there's a reasonable upper
bound, just use that in the array size.  If not, don't use the stack.

Cheers,
Rusty.
-- 
A bad analogy is like a leaky screwdriver -- Richard Braakman
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
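
The "use a known upper bound as the array size" advice from the message above, as an added example that is not part of the original thread or of the Xen code. `struct desc`, `MAX_GDT_FRAMES`, the 4 KiB page size, the reading of `size` as a limit (last valid byte offset) and the frame-number calculation are all assumptions made for illustration.

```c
#include <stddef.h>

#define PAGE_SHIFT      12   /* assumption: 4 KiB pages */
#define MAX_GDT_FRAMES  16   /* assumption: constructed upper bound */

/* Hypothetical stand-in for the descriptor in the patch. `size` is assumed
 * to hold a limit (offset of the last valid byte), not a byte count. */
struct desc {
    unsigned long size;
    unsigned long address;   /* assumed page-aligned */
};

/* Pages covered by [address, address + size]: the count the patch's
 * "+1" produces. Without the +1 a one-page table would need 0 entries. */
static size_t frames_needed(const struct desc *d)
{
    return (size_t)(d->size >> PAGE_SHIFT) + 1;
}

/* Fill `frames` with one page-frame number per page of the table.
 * Returns the count, or -1 if the table needs more than `max` entries. */
static int collect_frames(const struct desc *d, unsigned long *frames,
                          size_t max)
{
    size_t n = frames_needed(d);

    if (n > max)
        return -1;           /* refuse instead of overrunning the array */
    for (size_t i = 0; i < n; i++)
        frames[i] = (d->address >> PAGE_SHIFT) + i;  /* placeholder mapping */
    return (int)n;
}

/* Caller with a compile-time bound: stack use is fixed and known, and an
 * oversized descriptor becomes a detectable error. */
static int init_table(const struct desc *d)
{
    unsigned long frames[MAX_GDT_FRAMES];
    int n = collect_frames(d, frames, MAX_GDT_FRAMES);

    if (n < 0)
        return -1;
    /* a real caller would pass frames[0..n) on from here */
    return n;
}
```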