...
C99 includes support for variable length arrays. If the value used for the length of the array is taken from user input, an attacker could cause the program to use a large number of stack pages, possibly resulting in the process being killed due to lack of memory, or simply cause the stack pointer to point to a different region of memory. The latter could result in a page fault and the process being killed or a write to an arbitrary memory location.
Non-compliant code example:
Compliant example:
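The pattern described above, as an added example that is not code from the original page: `median_vla` sizes a variable length array from a caller-supplied length, while `median_checked` bounds the length and takes its scratch buffer from the heap. The function names, the sample data and the `MAX_ELEMS` limit are assumptions chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_ELEMS 4096u   /* assumed application limit, not from the page */

static int cmp_int(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Non-compliant: n comes straight from the caller, so the VLA can demand
 * any amount of stack; n == 0 is undefined behaviour as well. */
int median_vla(const int *v, size_t n) {
    int tmp[n];                          /* stack use = n * sizeof(int) */
    memcpy(tmp, v, n * sizeof tmp[0]);
    qsort(tmp, n, sizeof tmp[0], cmp_int);
    return tmp[n / 2];
}

/* Compliant: validate the length, allocate on the heap, report failure.
 * Returns 0 on success, -1 on a rejected length or failed allocation. */
int median_checked(const int *v, size_t n, int *out) {
    if (v == NULL || out == NULL || n == 0 || n > MAX_ELEMS)
        return -1;
    int *tmp = malloc(n * sizeof *tmp);  /* no overflow: n <= MAX_ELEMS */
    if (tmp == NULL)
        return -1;
    memcpy(tmp, v, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, cmp_int);
    *out = tmp[n / 2];
    free(tmp);
    return 0;
}

int main(void) {
    const int sample[] = {9, 1, 7, 3, 5};   /* constructed input */
    int m = 0;
    if (median_checked(sample, 5, &m) != 0 || m != 5)
        return 1;
    /* An oversized length is refused before any memory is reserved. */
    return median_checked(sample, (size_t)-1, &m) == -1 ? 0 : 1;
}
```

A bounded VLA (length checked against a small constant before the declaration) is also acceptable; the heap version is shown because it reports allocation failure to the caller instead of faulting.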
Excessive recursion also requires the kernel to grow the autostack, and can thus lead to the process being killed due to lack of memory.