From 88d65fb8b736a8b3aa2b4c85e5517095a1134a49 Mon Sep 17 00:00:00 2001
From: Robin Haberkorn <robin.haberkorn@googlemail.com>
Date: Mon, 25 Nov 2024 19:11:49 +0300
Subject: avoid dynamic stack allocation in teco_expressions_brace_return()

* This is not safe since the size of the stack object comes from the "outside" world,
  so stack overflows can theoretically be provoked by macros.
---
 src/expressions.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/expressions.c b/src/expressions.c
index 2424fb3..8f9b2cd 100644
--- a/src/expressions.c
+++ b/src/expressions.c
@@ -337,10 +337,7 @@ teco_expressions_brace_open(void)
 gboolean
 teco_expressions_brace_return(guint keep_braces, guint args, GError **error)
 {
-	/*
-	 * FIXME: Allocating on the stack might be dangerous.
-	 */
-	teco_int_t return_numbers[args];
+	g_autofree teco_int_t *return_numbers = g_new(teco_int_t, args);
 
 	for (guint i = args; i; i--)
 		return_numbers[i-1] = teco_expressions_pop_num(0);
-- 
cgit v1.2.3