oss-sec mailing list archives

Re: gcc 4.2 optimizations and integer overflow checks

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 7 Apr 2008 12:17:09 -0400 (EDT)


While an unusual bug, we decided to assign a CVE for it.

- Steve

======================================================
Name: CVE-2008-1685
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1685
Reference: CERT-VN:VU#162289
Reference: URL:http://www.kb.cert.org/vuls/id/162289

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not
used, considers the sum of a pointer and an int to be greater than or
equal to the pointer, which might remove length testing code that was
intended as a protection mechanism against integer overflow and buffer
overflow attacks.

Current thread:

gcc 4.2 optimizations and integer overflow checks Josh Bressers (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)
  - Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
    - Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 07)
  - Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 09)
    - Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 10)
    - Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 18)
    - Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 18)
    - Re: gcc 4.2 optimizations and integer overflow checks Richard Guenther (Apr 20)
  - Re: gcc 4.2 optimizations and integer overflow checks Florian Weimer (Apr 11)
- Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 07)