[SC-L] GCC and pointer overflows [LWN.net]
der Mouse
mouse at Rodents.Montreal.QC.CA
Thu May 1 10:37:08 EDT 2008
> The bug, which has been documented in a CERT advisory, affects C code
> in which, under some circumstances, buffer bounds checking can be
> optimized out to produce binaries that are susceptible to buffer
> overflows. [...]
> Of course, many/most SC-Lers will no doubt jump on this as another
> example of why C is such a dangerous language to write (secure) code
> in, and that's fine.
Actually, it isn't. It's a dangerous language to write sloppy, buggy
code in. Go read the advisory - it's only severely broken tests that
are affected. Such code has always been broken; the recent change just
changes the behaviour produced by such broken code, and I have trouble
getting worked up about it.
> But, I see the issue at least a little differently: a compiler making
> decisions for the programmer and producing executable code that does
> not accurately conform to what the programmer coded.
It accurately conforms to what the programmer coded, just not to what
the programmer intended to code. The "problem" affects only code that
depends on certain pointer computations whose behaviour has never been
promised by C.
/~\ The ASCII                             der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse at rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
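
An added illustration, not part of the message above or of the advisory: the message does not quote the affected code, so the wraparound test in `fits_broken` is an assumed example of the kind of bounds check under discussion, and `fits`, `fits_broken` and `buf_append` are hypothetical names. The well-defined form compares lengths and never computes an out-of-range pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * BROKEN (kept for comparison): the test relies on cur + len wrapping
 * around when len is too large. Forming a pointer more than one past the
 * end of the object is undefined in C, so the compiler may assume it never
 * happens and delete the first comparison entirely.
 */
int fits_broken(char *cur, char *end, size_t len)
{
    if (cur + len < cur)        /* intended overflow test; may be removed */
        return 0;
    return cur + len <= end;
}

/*
 * Well-defined: cur and end point into (or one past) the same object, so
 * end - cur is a valid, non-negative distance. The untrusted len is
 * compared against that distance; no out-of-range pointer is computed.
 */
int fits(const char *cur, const char *end, size_t len)
{
    return cur <= end && len <= (size_t)(end - cur);
}

/*
 * Append len bytes at *cur, where end is one past the last byte of the
 * buffer. Returns 0 on success, -1 (buffer untouched) if it does not fit.
 */
int buf_append(char **cur, char *end, const void *src, size_t len)
{
    if (!fits(*cur, end, len))
        return -1;
    memcpy(*cur, src, len);
    *cur += len;
    return 0;
}
```

`fits_broken` is only safe to call with lengths that already fit, which is exactly the case where the check is not needed.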