oss-sec mailing list archives
Re: gcc 4.2 optimizations and integer overflow checks
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 7 Apr 2008 12:17:09 -0400 (EDT)
While an unusual bug, we decided to assign a CVE for it. - Steve ====================================================== Name: CVE-2008-1685 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1685 Reference: CERT-VN:VU#162289 Reference: URL:http://www.kb.cert.org/vuls/id/162289 gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might remove length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks.
Current thread:
- gcc 4.2 optimizations and integer overflow checks Josh Bressers (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 09)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 10)
- Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 18)
- Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 18)
- Re: gcc 4.2 optimizations and integer overflow checks Richard Guenther (Apr 20)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)