oss-sec mailing list archives
Re: gcc 4.2 optimizations and integer overflow checks
From: Marcus Meissner <meissner () suse de>
Date: Mon, 7 Apr 2008 18:29:56 +0200
On Mon, Apr 07, 2008 at 12:12:34PM -0400, Josh Bressers wrote:
Has anyone started to look at this yet: http://www.kb.cert.org/vuls/id/162289 I suspect this isn't going to be trivial to detect. Ideas are welcome. Thanks.
Please note this section: "Note: this issue does not strictly constitute a vulnerability in gcc itself. The behavior that gcc exhibits in this case is permitted by the ISO/IEC 9899:1999 C specification (ยง6.5.6p8). " The gcc folks have discussed this to death already and in the discussion the code received a -Wstrict-overflow option. > cat xx.c int f(int a, int b) { return a < a+b; } int g(int a) { return f(a,1<<30); } > LANG=C projects/gcc/BIN/bin/gcc -O2 -c xx.c -Wstrict-overflow -Wall xx.c: In function 'g': xx.c:2: warning: assuming signed overflow does not occur when assuming that (X + c) >= X is always true Ciao, Marcus
Current thread:
- gcc 4.2 optimizations and integer overflow checks Josh Bressers (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 09)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 10)
- Re: gcc 4.2 optimizations and integer overflow checks Marcus Meissner (Apr 18)
- Re: gcc 4.2 optimizations and integer overflow checks Solar Designer (Apr 18)
- Re: gcc 4.2 optimizations and integer overflow checks Richard Guenther (Apr 20)
- Re: gcc 4.2 optimizations and integer overflow checks Nico Golde (Apr 07)
- Re: gcc 4.2 optimizations and integer overflow checks Steven M. Christey (Apr 07)