Solution (unvalidated)
The upstream fix replaces alloca with xmalloc/free in xattr_decoder — Patch xattr_decoder() to stop using alloca() with attacker-controlled lengths. Tension: stop using alloca() with attacker-controlled lengths. Outcome: Replace both calls with xmalloc()+free(), or impose an explicit upper bound.
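The outcome described above, as an added C example (not the upstream patch or the project's own code): both untrusted lengths are bounded, then copied to the heap instead of the stack. The names xmalloc_demo, dup_field, decode_xattr_demo, struct xattr_pair and the 64 KiB cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_XATTR_FIELD (64u * 1024u)   /* assumed cap, not from the page */

struct xattr_pair { char *key; char *value; };

/* Stand-in for xmalloc(): never returns NULL, aborts on exhaustion. */
static void *xmalloc_demo(size_t n)
{
    void *p = malloc(n ? n : 1);
    if (!p) { fputs("memory exhausted\n", stderr); abort(); }
    return p;
}

/* Copy a length-delimited field into a NUL-terminated heap string. */
static char *dup_field(const char *src, size_t len)
{
    char *buf = xmalloc_demo(len + 1);
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

static void free_pair(struct xattr_pair *p)
{
    free(p->key); free(p->value);
    p->key = p->value = NULL;
}

/* Unsafe pattern: char *k = alloca(klen + 1); with klen from the archive.
 * alloca() cannot report failure, so an oversized klen overruns the stack.
 * Hardened form: bound both lengths, then use heap copies the caller frees.
 * Returns 0 on success, -1 if either field exceeds the cap. */
static int decode_xattr_demo(const char *key, size_t klen,
                             const char *val, size_t vlen,
                             struct xattr_pair *out)
{
    out->key = out->value = NULL;
    if (klen > MAX_XATTR_FIELD || vlen > MAX_XATTR_FIELD)
        return -1;
    out->key = dup_field(key, klen);
    out->value = dup_field(val, vlen);
    return 0;
}

int main(void)
{
    struct xattr_pair p;
    int rc = decode_xattr_demo("user.k", 6, "v1", 2, &p);   /* constructed input */
    printf("rc=%d key=%s value=%s\n", rc, p.key, p.value);
    free_pair(&p);
    return 0;
}
```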