...

Validate size arguments used in VLA declarations. The following example corrects the security issue in the example above by testing the size argument to ensure it is in a valid range, 0 to a user-defined constant.

Code Block


#define MAX_ARRAY 1024

...

Code Block


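void func(size_t s) {
   int vla[s];   /* s has already been range-checked by the caller */
...
}
...
/* Reject a zero size and anything at or above MAX_ARRAY before the VLA is declared */
if (size < MAX_ARRAY && size != 0) {
   func(size);
} else {
   /* Handle Error */
}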
...
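
An added example (not code from the original page) that places the range check above in front of a VLA declaration and exercises the boundary values. The int element type and the names vla_size_ok, sum_copy and checked_sum are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_ARRAY 1024  /* upper bound taken from the page */

/* Returns 1 when size is safe to use as a VLA length: non-zero and
   below MAX_ARRAY, the same test as the page's corrected example. */
static int vla_size_ok(size_t size) {
    return size < MAX_ARRAY && size != 0;
}

/* Hypothetical worker: copies n ints into a VLA and sums them.
   Must only be reached with a validated n. */
static long sum_copy(const int *src, size_t n) {
    int vla[n];  /* stack use is bounded by MAX_ARRAY * sizeof(int) */
    long total = 0;
    for (size_t i = 0; i < n; i++) {
        vla[i] = src[i];
        total += vla[i];
    }
    return total;
}

/* Hypothetical wrapper: validates first, so an untrusted size
   (0, or a huge value such as (size_t)-1) never reaches the VLA. */
int checked_sum(const int *src, size_t size, long *out) {
    if (src == NULL || out == NULL || !vla_size_ok(size)) {
        return -1;  /* Handle Error */
    }
    *out = sum_copy(src, size);
    return 0;
}

int main(void) {
    int data[4] = {1, 2, 3, 4};  /* constructed sample input */
    long r = 0;
    printf("size 4         -> %d\n", checked_sum(data, 4, &r));
    printf("size 0         -> %d\n", checked_sum(data, 0, &r));
    printf("size MAX_ARRAY -> %d\n", checked_sum(data, MAX_ARRAY, &r));
    printf("size (size_t)-1 -> %d\n", checked_sum(data, (size_t)-1, &r));
    return 0;
}
```

Because the check runs before sum_copy is entered, the rejected sizes never cause any stack allocation at all.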

References

Feline 1: http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt