Page History

...

The BSD extension function {{alloca()}} behaves in a similar fashion to variable-length arrays; its use is not recommended \[[Loosemore 072007|AA. Bibliography#Loosemore 07]\].

...

Program stacks are frequently used for convenient temporary storage , because allocated memory is automatically freed when the function returns. Generally, the operating system will grow the stack as needed. However, growing the stack can fail due to a lack of memory or collision with other allocated areas of the address space (depending on the architecture). When the stack is exhausted, the operating system may terminate the program abnormally. This behavior can be exploited by an attacker to cause a denial-of-service attack in situations where the attacker can control or influence the amount of stack memory allocated.

Automated Detection

...

Tool	Version	Checker	Description
Section Coverity Prevent	Include Page c:Coverity_V c:Coverity_V	Section STACK_USE	Section can help detect single stack allocations that are dangerously large, although it will not detect excessive stack use resulting from recursion

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MEM05-CPP. Avoid large stack allocations.

Bibliography

\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.7.5.2, "Array declarators", and Section 7.20.3, "Memory management functions"
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "GDL Recursion"
\[[Loosemore 072007|AA. Bibliography#Loosemore 07]\] [Section 3.2.5, "Automatic Storage with Variable Size"|http://www.gnu.org/software/libc/manual/html_mono/libc.html#Variable-Size-Automatic]
\[[MISRA 042004|AA. Bibliography#MISRA 04]\] Rule 16.2
\[[Seacord 05a2005a|AA. Bibliography#Seacord 05]\] Chapter 4, "Dynamic Memory Management"
\[[van Sprundel 062006|http://ilja.netric.org/files/Unusual%20bugs.pdf]\] "Stack Overflow"

...