The Linux Kernel recently removed all use of Variable Length Arrays, due to performance and security reasons. (Source)
What are these security reasons? What makes variable length arrays dangerous?
Asked
Active
Viewed 73 times
0
-
2These can easily overflow the stack, even if used correctly otherwise. – Eugene Sh. Apr 08 '19 at 15:59
-
2You write: `int array[n];` — do you check that `n` is big enough (not negative, not zero) and small enough (not going to blow the remaining space on the stack)? Do you know how much space is left on the stack? – Jonathan Leffler Apr 08 '19 at 15:59