Libguestfs - Sep 2019 - [PATCH libnbd] configure: Ban use of Variable Length Arrays (VLAs).

Since we don't know much about the calling environment, which might
have a limited stack, might be taking input from untrusted sources, or
we might not have other stack protections enabled, it's best to be
cautious about using unbounded stack allocations.

We're not in fact using them in libnbd, but this change prevents them
from being added in future.
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 6ea3197..0332d77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -66,7 +66,7 @@ AC_ARG_ENABLE([gcc-warnings],
       [gcc_warnings=no]
 )
 if test "x$gcc_warnings" = "xyes"; then
-    WARNINGS_CFLAGS="-Wall -Werror"
+    WARNINGS_CFLAGS="-Wall -Wvla -Werror"
     AC_SUBST([WARNINGS_CFLAGS])
 fi
 
-- 
2.23.0

On 9/5/19 6:38 AM, Richard W.M. Jones wrote:
> Since we don't know much about the calling environment, which might
> have a limited stack, might be taking input from untrusted sources, or
> we might not have other stack protections enabled, it's best to be
> cautious about using unbounded stack allocations.
> 
> We're not in fact using them in libnbd, but this change prevents them
> from being added in future.
> ---
>  configure.ac | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
ACK
> diff --git a/configure.ac b/configure.ac
> index 6ea3197..0332d77 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -66,7 +66,7 @@ AC_ARG_ENABLE([gcc-warnings],
>        [gcc_warnings=no]
>  )
>  if test "x$gcc_warnings" = "xyes"; then
> -    WARNINGS_CFLAGS="-Wall -Werror"
> +    WARNINGS_CFLAGS="-Wall -Wvla -Werror"
>      AC_SUBST([WARNINGS_CFLAGS])
>  fi
>  
> 
-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org