oss-sec mailing list archives
Re: gcc 4.2 optimizations and integer overflow checks
From: Marcus Meissner <meissner () suse de>
Date: Fri, 18 Apr 2008 13:18:32 +0200
On Thu, Apr 10, 2008 at 02:31:13PM -0400, Steven M. Christey wrote:
On Wed, 9 Apr 2008, Nico Golde wrote:Hi Steven, * Steven M. Christey <coley () linus mitre org> [2008-04-07 18:24]:While an unusual bug, we decided to assign a CVE for it.[...] Just stumbled upon CVE-2006-1902, look spretty much the same to me, is this a dup?Nice find! My immediate suspicion is that they're not the same, based solely on affected versions - CVE-2008-1685 has a specific affected version range because it changed behaviors in 4.2.0. Maybe that change came out of followup analysis stemming from CVE-2006-1902. But, I'm not completely sure. Solar?
They are mostly unrelated, one is about signed integers, while the new one is "pointer + offset" related. Ciao, Marcus
Current thread:
- gcc 4.2 optimizations and integer overflow checks Josh Bressers (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 09)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 10)
- Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 18)
- Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 18)
- Re: gcc 4.2 optimizations and integer overflow checks Richard Guenther (Apr 20)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)