Bugtraq mailing list archives
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 18 Apr 2006 21:16:13 +0200
* Felix von Leitner:
static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
return (c && c+len>c && (const char*)ptr-c<len);
}
It seems that the problem is that c + len > c is equivalent to len != 0. Either c + len is within the same object c points to, and it's value is larger than c (provided that len is not zero), or c + len is undefined (because it's not the same object). In the latter case, the outcome is not specified by the C standard (or the GCC documentation), so it's permissible to choose len != 0 as the value, too. I wouldn't rule out a compiler bug in this area, but the test case is invalid.
Current thread:
- gcc 4.1 bug miscompiles pointer range checks, may place you at risk Felix von Leitner (Apr 17)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Chamberlain (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Forrest J. Cavalier III (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Alexander Klimov (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Florian Weimer (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Gabor Gombas (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Nate Eldredge (Apr 19)
- <Possible follow-ups>
- RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Wojcik (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk jat-public01 (Apr 18)