oss-sec mailing list archives

Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)|


From: Russ Allbery <eagle () eyrie org>
Date: Fri, 08 Nov 2019 09:02:02 -0800

Georgi Guninski <gguninski () gmail com> writes:

Any workarounds?

===poc===
#include <stdio.h>   /* needed for printf(); missing in the original listing */
#include <assert.h>

int foo(int a) {
  /* a+100 > a is always true in mathematics, so at -O2/-O3 gcc may treat
   * the signed overflow as impossible and delete this assertion entirely */
  assert(a+100 > a);
  printf("%d %d\n",a+100,a);
  return a;
}

int main(void) {
  foo(100);
  foo(0x7fffffff);  /* INT_MAX: a+100 overflows, which is undefined behavior */
  return 0;
}
=========

As pointed out in the bug, if you want defined behavior from signed
integer overflow, you can ask for it with -fwrapv:

$ gcc -O3 -fwrapv -o foo foo.c
$ ./foo
200 100
foo: foo.c:5: foo: Assertion `a+100 > a' failed.
Aborted (core dumped)

The C standard says this shouldn't be the default, but software that cares
about avoiding undefined behavior should consider adding -fwrapv, or
carefully writing the check to avoid overflow (something that, sadly, one
needs to become expert in to use C relatively safely).

Or, of course, use a different language that has more safety checks built
into the language definition, although that's obviously a much broader
(and probably off-topic) conversation.

-- 
Russ Allbery (eagle () eyrie org)             <https://www.eyrie.org/~eagle/>
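The "carefully written check" that the reply mentions, shown as an added example that is not part of the thread (neither the PoC nor the reply contains it). The check decides whether `a + b` would overflow without ever computing the overflowing sum, so it stays correct under any optimization level and without `-fwrapv`; the names `add_would_overflow`, `checked_add_or` and `foo_safe` and the `-1` failure value are assumptions made for the example. `checked_add_or` uses the GCC/Clang `__builtin_add_overflow` builtin, with a portable fallback for other compilers.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Portable overflow test for signed int addition.
 * Never evaluates a + b; instead rearranges the comparison so that every
 * intermediate value is representable, for both positive and negative b. */
bool add_would_overflow(int a, int b) {
    if (b > 0) {
        return a > INT_MAX - b;   /* INT_MAX - b cannot overflow when b > 0 */
    }
    return a < INT_MIN - b;       /* INT_MIN - b cannot overflow when b <= 0 */
}

/* Returns a + b, or `fallback` if the sum would overflow.
 * Uses the compiler builtin where available (GCC >= 5, Clang); the builtin
 * reports overflow and never invokes undefined behavior. */
int checked_add_or(int a, int b, int fallback) {
#if defined(__GNUC__) || defined(__clang__)
    int out;
    if (__builtin_add_overflow(a, b, &out)) {
        return fallback;
    }
    return out;
#else
    /* Portable fallback (assumption: same semantics as the builtin path) */
    if (add_would_overflow(a, b)) {
        return fallback;
    }
    return a + b;
#endif
}

/* Safe counterpart of the PoC's foo(): the guard does not rely on the
 * overflowing expression, so the optimizer cannot reason it away.
 * -1 as the failure signal is an assumption for this example. */
int foo_safe(int a) {
    if (add_would_overflow(a, 100)) {
        return -1;
    }
    return a + 100;
}

int main(void) {
    printf("foo_safe(100)     = %d\n", foo_safe(100));      /* 200 */
    printf("foo_safe(INT_MAX) = %d\n", foo_safe(INT_MAX));  /* -1 */
    printf("checked_add_or(INT_MAX, 100, -1) = %d\n",
           checked_add_or(INT_MAX, 100, -1));               /* -1 */
    return 0;
}
```

Compile with `gcc -O3 foo_safe.c` (no `-fwrapv`) and the overflow branch is still taken for `INT_MAX`, which is the property the original assertion lacked. `-fwrapv` remains a reasonable belt-and-braces flag for an existing code base, but it only makes the overflow wrap; it does not make `a+100 > a` a meaningful check.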
