Variable-length arrays are not part of the C++ standard, and are
dangerous to use because they allocate a potentially-unbounded
amount of data on the stack. In addition, they trigger a clang warning
(-Wvla-extension) which is currently suppressed in Chromium builds.
This patch prevents the use of VLAs in launch_posix.cc and
credentials.cc by hardcoding a compile-time constant value for
use when PTHREAD_STACK_MIN is not already constant. This allows
the sandbox code to remain async-signal-safe by allocating on the
stack without using VLAs.
To ensure the hardcoded value is large enough, we run a CHECK during
initialization. We use the initializer of an otherwise-unused global
variable to do so.
Bug: 349656479
Change-Id: I5f5661464e77bac36456d0b72530a0fba60a55bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5783847
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Devon Loehr <dloehr@google.com>
Reviewed-by: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/main@{#1352736}
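The pattern the commit message describes, as an added illustration rather than Chromium's own code: a compile-time constant stands in for PTHREAD_STACK_MIN so the buffer is a plain array instead of a VLA, and the initializer of an otherwise-unused global compares that constant against the runtime minimum at startup and aborts (in place of Chromium's CHECK()) if it is too small. The names, the 64 KiB value and the helper functions are assumptions made for this example; the page does not state the constant Chromium chose.

```cpp
// Added example of the "hardcoded constant + startup check" approach; not
// Chromium's launch_posix.cc or credentials.cc code. Names and the 64 KiB
// constant are assumptions for illustration.
#include <pthread.h>
#include <unistd.h>

#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

namespace {

// Hypothetical compile-time replacement for PTHREAD_STACK_MIN. On glibc 2.34+
// (with _GNU_SOURCE, which g++ defines by default) PTHREAD_STACK_MIN expands to
// sysconf(_SC_THREAD_STACK_MIN), so `char stack[PTHREAD_STACK_MIN]` would be a
// variable-length array. This constant keeps the array size known at compile time.
constexpr size_t kChildStackSize = 64 * 1024;

// Minimum thread stack size as the C library reports it at run time.
size_t RuntimeStackMin() {
  long v = sysconf(_SC_THREAD_STACK_MIN);
  return v > 0 ? static_cast<size_t>(v) : 0;
}

// True when the hardcoded constant is at least the runtime minimum.
bool ChildStackIsLargeEnough() {
  return kChildStackSize >= RuntimeStackMin();
}

// Runs during static initialization (before main) through the global below and
// aborts the process if the constant is too small, standing in for CHECK().
bool VerifyChildStackSize() {
  if (!ChildStackIsLargeEnough()) {
    fprintf(stderr, "kChildStackSize=%zu < PTHREAD_STACK_MIN=%zu\n",
            kChildStackSize, RuntimeStackMin());
    abort();
  }
  return true;
}

// Otherwise-unused global whose only job is to run the check in its initializer.
[[maybe_unused]] const bool g_child_stack_size_verified = VerifyChildStackSize();

}  // namespace

// Initial stack pointer for a child running on `stack`: stacks grow downward on
// x86 and ARM, so the pointer handed to clone() is the 16-byte-aligned top.
void* ChildStackTop(void* stack, size_t size) {
  uintptr_t top = reinterpret_cast<uintptr_t>(stack) + size;
  return reinterpret_cast<void*>(top & ~static_cast<uintptr_t>(15));
}

// Async-signal-safe style: a fixed-size buffer on the caller's stack, no VLA and
// no heap allocation. Returns how many bytes lie below the aligned top.
size_t UsableChildStackBytes() {
  alignas(16) char stack[kChildStackSize];  // constant size, not a VLA
  void* top = ChildStackTop(stack, sizeof(stack));
  return static_cast<size_t>(static_cast<char*>(top) - stack);
}

int main() {
  printf("runtime PTHREAD_STACK_MIN: %zu\n", RuntimeStackMin());
  printf("constant kChildStackSize:  %zu\n", kChildStackSize);
  printf("usable child stack bytes:  %zu\n", UsableChildStackBytes());
  return ChildStackIsLargeEnough() ? 0 : 1;
}
```

The global initializer is the part that matters operationally: a static_assert cannot see a sysconf() result, so the comparison has to happen at run time, and putting it in static initialization means a too-small constant fails loudly on every start rather than only on the code path that first uses the buffer.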