oss-sec mailing list archives

Re: gcc 4.2 optimizations and integer overflow checks

From: Marcus Meissner <meissner () suse de>
Date: Fri, 18 Apr 2008 13:18:32 +0200

On Thu, Apr 10, 2008 at 02:31:13PM -0400, Steven M. Christey wrote:


On Wed, 9 Apr 2008, Nico Golde wrote:

Hi Steven,
* Steven M. Christey <coley () linus mitre org> [2008-04-07 18:24]:

While an unusual bug, we decided to assign a CVE for it.

[...]
Just stumbled upon CVE-2006-1902, look spretty much the same
to me, is this a dup?


Nice find!

My immediate suspicion is that they're not the same, based solely on
affected versions - CVE-2008-1685 has a specific affected version range
because it changed behaviors in 4.2.0.  Maybe that change came out of
followup analysis stemming from CVE-2006-1902.

But, I'm not completely sure.  Solar?


They are mostly unrelated, one is about signed integers, while the
new one is "pointer + offset" related.

Ciao, Marcus

Current thread:

gcc 4.2 optimizations and integer overflow checks Josh Bressers (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)
  - Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
    - Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 07)
  - Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 09)
    - Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 10)
    - Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 18)
    - Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 18)
    - Re: gcc 4.2 optimizations and integer overflow checks Richard Guenther (Apr 20)
  - Re: gcc 4.2 optimizations and integer overflow checks Florian Weimer (Apr 11)
- Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 07)