Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Major gcc 4.1.1 and up security issue

From: Marcin Owsiany <marcin () owsiany pl>
Date: Mon, 22 Jan 2007 20:42:35 +0000
On Mon, Jan 22, 2007 at 02:50:21PM -0500, Valdis.Kletnieks () vt edu wrote:

It's generally considered performance-crippling
to add inline code that does a "test condition/branch" pair after *every single*
opcode that might cause an overflow - so the C paradigm is to leave them out
and have the programmer code tests when actually needed.


Right, seems that I had too much Java for too long recently - I tend to
think of terms of exceptions being thrown in such cases, not
assembly-level flag checking...


You think it's bad *now*, where you have to force-feed a 2-billion-something
value in to cause an integer overflow, you obviously aren't old enough to have
programmed on 16-bit machines, where numbers around 32,000 were sufficient,


Actually, I'm old enough to have programmed on 8-bit machines, but we're
getting off-topic here :-)

Marcin
-- 
Marcin Owsiany <marcin () owsiany pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: