oss-sec mailing list archives
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)|
From: John Haxby <john.haxby () oracle com>
Date: Fri, 8 Nov 2019 12:29:50 +0000
On 8 Nov 2019, at 12:06, John Haxby <john.haxby () oracle com> wrote: In this particular case, the assert() will always trigger if the assert is on "a > INT_MAX-100" because that is well defined. Does ubsan catch this issue?
Answering my own question: foo.c:6:2: runtime error: signed integer overflow: 2147483647 + 99 cannot be represented in type 'int' a.out: foo.c:6: foo: Assertion `a+100 > a' failed. jch
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Georgi Guninski (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Russ Allbery (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| Florian Weimer (Nov 08)
- Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| John Haxby (Nov 08)