oss-sec mailing list archives

Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)|

From: John Haxby <john.haxby () oracle com>
Date: Fri, 8 Nov 2019 12:29:50 +0000

On 8 Nov 2019, at 12:06, John Haxby <john.haxby () oracle com> wrote:

In this particular case, the assert() will always trigger if the assert is on "a > INT_MAX-100" because that is well 
defined.   Does ubsan catch this issue?


Answering my own question:

foo.c:6:2: runtime error: signed integer overflow: 2147483647 + 99 cannot be represented in type 'int'
a.out: foo.c:6: foo: Assertion `a+100 > a' failed.

jch

Attachment: signature.asc
Description: Message signed with OpenPGP

Current thread:

Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Georgi Guninski (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)
  - Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Russ Allbery (Nov 08)
  - Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Florian Weimer (Nov 08)