[SC-L] GCC and pointer overflows [LWN.net]
Kenneth Van Wyk
ken at krvw.com
Thu May 1 09:13:44 EDT 2008
FYI, here's an interesting article (and follow-on discussions) about a
recent bug in the GCC compiler collection.
http://lwn.net/Articles/278137/
The bug, which has been documented in a CERT advisory, affects C code
in which, under some circumstances, buffer bounds checking can be
optimized out to produce binaries that are susceptible to buffer
overflows. The article includes a couple examples that really help
illustrate the issue -- very interesting reading, IMHO.
Of course, many/most SC-Lers will no doubt jump on this as another
example of why C is such a dangerous language to write (secure) code
in, and that's fine. But, I see the issue at least a little
differently: a compiler making decisions for the programmer and
producing executable code that does not accurately conform to what the
programmer coded. We've all heard of security-related optimizing
issues for years, right? Well, here's a prime example of one in action.
Cheers,
Ken
-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3240 bytes
Desc: not available
Url : http://krvw.com/pipermail/sc-l/attachments/20080501/b01ccf74/attachment.bin
More information about the SC-L
mailing list