Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: cts () INTERNETCDS COM (Craig Spannring)
Date: Tue, 21 Jul 1998 15:00:19 -0700
Kragen writes:
I've heard that bounds-checking typically increases the time to do things by 30-50%. The bounds-checking egcs people are optimistic that this can be reduced. Even so, it's much smaller than the variance introduced by different degrees of optimization and efficient design.
Since C was never designed to do bounds checking it will be hard to retrofit it efficiently. Other languages such as Ada have a much easier time. For instance if you compile the following program with gnat the compiler figures out that no array bounds checking is needed and you take a 0% performance hit. with Ada.Text_Io; use Ada.Text_Io; with Ada.Integer_Text_Io; use Ada.Integer_Text_Io; procedure Foo is type My_Index is range -10..10; type My_Array is array(My_index) of Integer; A: My_Array; function Sum(Arr: in My_Array) return Integer is Result: Integer := 0; begin for I in My_Index loop Result := Result + Arr(I); end loop; return Result; end Sum; T: Integer; begin for I in My_Index loop Put("Input a number "); Get(A(I)); end loop; Put("The sum is "); Put(Sum(A)); New_Line; end Foo; In fact the gnat people say that the assembly output is almost identical to what gcc would produce with an equivalent C program. I haven't written a lot of Ada code and none professionally, but I did play around writing the bootstrap code for a PC once. The boot strap code needs to fit into the first 7K of a floppy and that's not a lot of space. If the code had raised any exceptions the required runtime exception functions would not have fit in the space allowed. It was the code size I had to worry about, not the speed, but in this case being able to show that I wasn't taking a code size hit also showed that I wasn't taking a performance hit either. -- ======================================================================= Life is short. | Craig Spannring Ski hard, Bike fast. | cts () internetcds com --------------------------------+------------------------------------ Any sufficiently perverted technology is indistinguishable from Perl. =======================================================================
Current thread:
- Re: New Java Security Flaw Found, (continued)
- Re: New Java Security Flaw Found Sean Garagan (Jul 20)
- Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy Fred Donck (Jul 20)
- N-Base Vulnerability Advisory TTSG (Jul 20)
- IRIX 6.4 ioconfig(1M) and disk_bandwidth(1M) Vulnerability SGI Security Coordinator (Jul 20)
- IRIX 6.3 & 6.4 mailcap vulnerability SGI Security Coordinator (Jul 20)
- Bounds Checking Aleph One (Jul 20)
- Re: Bounds Checking Ari Heitner (Jul 21)
- Re: Bounds Checking Andrew McNaughton (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Andy Church (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd matt (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Niall Smart (Jul 17)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: Bounds checking - historical aside Brett Glass (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Belits (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allen Smith (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Dave Andersen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Jim Greene (Jul 21)