Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Ian Lance Taylor <iant <at> google.com>
Subject: Re: US-CERT Vulnerability Note VU#162289
Newsgroups: gmane.comp.gcc.devel
Date: Monday 7th April 2008 17:59:18 UTC (over 9 years ago)
"Andrew Pinski"  writes:

> On Mon, Apr 7, 2008 at 10:28 AM, Robert C. Seacord  wrote:
>>  I believe the vulnerability is that gcc may *silently* discard the
overflow
>> checks and that this is a recent change in behavior.
>
> No it is not recent, unless you consider 1998 recent :).  I don't know
> how many times but we have not changed the behavior of GCC with
> respect of signed integer overflow being undefined.  Since the loop
> optimizers have said this before, we just added an extra pass which
> depends on it more.  I guess you did not read the GCC mailing list
> before posting this Vulnerability because we already discussed this
> many many times before around the time GCC 4.2.0 came out.
>
> Also try -Wstrict-overflow=5 in GCC 4.2.3 and in GCC 4.3.0, we already
> warn about most if not all cases already.

No, read the advisory carefully (from a compiler perspective, it's
unfortunate that it does not give a complete test case).  This
advisory is not about undefined signed overflow.  This is about adding
a value to a pointer such that the pointer no longer points into the
same object, which is a completely different type of undefined
behaviour.  C99 section 6.5.6, paragraph 8.  gcc's behaviour changed
with the patch for PR 27039.

Although this is not undefined signed overflow, it is not unrelated
from the user's perspective, and I plan to incorporate it into the
-fstrict-overflow/ -Wstrict-overflow regime.

Ian
 
CD: 3ms