oss-sec mailing list archives
Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)|
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 08 Nov 2019 20:20:55 +0100
* Russ Allbery:
> The C standard says this shouldn't be the default, but software that cares about avoiding undefined behavior should consider adding -fwrapv, or carefully writing the check to avoid overflow (something that, sadly, one needs to become expert in to use C relatively safely).
The C standard doesn't *require* a particular behavior (for non-atomic integers). Each time this comes up in the committees, more strict requirements do not make it into the text. For example, the recent P0907R4 for C++, “Signed Integers are Two’s Complement” <http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0907r4.html> does not require it, either:

| /Status-quo/ If a signed operation would naturally produce a value
| that is not within the range of the result type, the behavior is
| undefined.
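The check named in the subject line, `int + 100 > int`, is the kind of guard the quoted paragraph warns about: because signed overflow is undefined, a compiler may fold it to "always true" and the guard vanishes. The following is an added example, not code posted in this thread, showing the naive form beside the rewrites that stay defined for every `int` (compare against the limit before adding, or let the compiler report the overflow). The function names are hypothetical; `__builtin_add_overflow` is the GCC/Clang builtin and is guarded so the file also builds without it.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The guard as written in the subject line. Signed overflow is
 * undefined, so for x > INT_MAX - 100 the compiler may legitimately
 * treat this as always true and drop the check. With -fwrapv the
 * addition wraps and the comparison becomes false, but that relies
 * on a compiler flag rather than on the language. */
bool naive_can_add_100(int x) {
    return x + 100 > x;
}

/* Overflow-free rewrite: INT_MAX - 100 cannot overflow, so this
 * expression is defined for every int and cannot be optimised away. */
bool safe_can_add_100(int x) {
    return x <= INT_MAX - 100;
}

/* General form for two arbitrary operands in portable C: test the
 * precondition against INT_MAX / INT_MIN, then add. */
bool safe_add(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;            /* the sum would not fit in int */
    *out = a + b;
    return true;
}

/* Same contract using the compiler builtin, which computes the
 * wrapped result and returns true when overflow occurred. Falls back
 * to the portable version on compilers without the builtin. */
bool safe_add_builtin(int a, int b, int *out) {
#if defined(__GNUC__) || defined(__clang__)
    return !__builtin_add_overflow(a, b, out);
#else
    return safe_add(a, b, out);
#endif
}

int main(void) {
    int x = INT_MAX - 50;    /* constructed input: 50 below the limit */
    int sum;

    /* The naive guard's answer here depends on the compiler and flags;
     * the safe guards are deterministic. */
    printf("naive guard for INT_MAX-50: %d (compiler dependent)\n",
           naive_can_add_100(x));
    printf("safe guard for INT_MAX-50:  %d\n", safe_can_add_100(x));

    if (safe_add(x, 100, &sum))
        printf("x + 100 = %d\n", sum);
    else
        printf("x + 100 rejected: would overflow int\n");
    return 0;
}
```

The portable precondition form needs no flag and works on any conforming compiler; the builtin form is shorter and lets the compiler emit an overflow-flag test instead of two comparisons.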