Re: [Xen-devel] [PATCH] Off-by-one in cpu_gdt_init
On Mon, 2005-06-06 at 17:14 +0100, David Hopwood wrote:
> George Washington Dunlap III wrote:
> > void __init cpu_gdt_init(struct Xgt_desc_struct *gdt_descr)
> > {
> > - unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
> > + unsigned long frames[(gdt_descr->size >> PAGE_SHIFT)+1];
>
> Variable-length arrays? Never use variable-length arrays in code that needs
> to be robust: you can't guarantee that the stack won't overflow. If it does,
> there is no way to detect that situation (unlike malloc et al where you can
> check for NULL), you just get undefined behaviour.

Yes, and no. It's pretty normal not to check malloc returns in init
code: if it fails what could be more informative than an OOPS? You're
in deep trouble already.

The real reason for not putting variable length things on the stack is
that stack space is limited. If you know there's a reasonable upper
bound, just use that in the array size. If not, don't use the stack.

Cheers,
Rusty.
--
A bad analogy is like a leaky screwdriver -- Richard Braakman

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
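
Review bot: the `+` line in the quoted hunk still declares `frames` as a variable-length array whose length is read from `gdt_descr->size` at run time, and no upper bound is visible in the hunk, so the stack use of cpu_gdt_init is not fixed. Suggest sizing the array with a constant for the largest number of pages the descriptor can span and rejecting a larger `(gdt_descr->size >> PAGE_SHIFT)+1` before the array is filled. A one-line comment saying why the `+1` is needed would also help the next reader.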
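
The fixed-upper-bound approach suggested in the reply above, as an added example that is not code from this thread, Xen or Linux. It assumes 4 KiB pages and that `size` is a 16-bit limit (offset of the last valid byte); `struct ex_gdt_desc` and every `ex_`/`EX_` name are hypothetical, and the frame numbers are constructed from a sample address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_PAGE_SHIFT     12  /* assumption: 4 KiB pages */
#define EX_MAX_GDT_FRAMES 16  /* 16-bit limit => at most 64 KiB => 16 pages */

struct ex_gdt_desc {          /* hypothetical stand-in for the descriptor */
    uint16_t size;            /* assumption: limit = offset of last valid byte */
    unsigned long address;
};

/* Count as computed before the patch: 0 for any table under one page. */
size_t ex_count_before(const struct ex_gdt_desc *d)
{
    return (size_t)d->size >> EX_PAGE_SHIFT;
}

/* Pages spanned by offsets 0..limit, as in the patched expression. */
size_t ex_count_after(const struct ex_gdt_desc *d)
{
    return ((size_t)d->size >> EX_PAGE_SHIFT) + 1;
}

/* Fill a caller-supplied array; refuse instead of writing past cap. */
int ex_gdt_frames(const struct ex_gdt_desc *d, unsigned long *frames, size_t cap)
{
    size_t n = ex_count_after(d);
    if (n > cap)
        return -1;
    for (size_t i = 0; i < n; i++)
        frames[i] = (d->address >> EX_PAGE_SHIFT) + i;
    return (int)n;
}

/* Caller with a worst-case sized array: stack use is fixed at compile time. */
int ex_try(uint16_t limit, size_t cap)
{
    unsigned long frames[EX_MAX_GDT_FRAMES];
    struct ex_gdt_desc d = { limit, 0x100000UL };  /* constructed sample */
    if (cap > EX_MAX_GDT_FRAMES)
        cap = EX_MAX_GDT_FRAMES;
    return ex_gdt_frames(&d, frames, cap);
}

int main(void)
{
    printf("limit 4095: %d frame(s)\n", ex_try(4095, EX_MAX_GDT_FRAMES));
    printf("limit 65535: %d frame(s)\n", ex_try(0xFFFF, EX_MAX_GDT_FRAMES));
    return 0;
}
```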