Bug#: 27180
Status: RESOLVED
Resolution: DUPLICATE of bug 26763
Assigned To: Not yet assigned to anyone <unassigned@gcc.gnu.org>
Reporter: felix-gcc@fefe.de
Description:   Opened: 2006-04-17 02:19
I have this function:

static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
  register const char* c=(const char*)buf;
  return (c && c+len>c && (const char*)ptr-c<len);
}

I tested it with this test:

assert(range_ptrinbuf(buf,(unsigned long)-1,buf+1)==0);

With gcc 3.4.5, this passes (with and without optimization).
With gcc 4.1.0, this fails.  I put in a printf to see if any of the values is
incorrectly calculated -- it's "c+len>c" that incorrectly returns 0.  This is
with and without optimizer.

This is very bad because this kind of check is used to do security checks when
validating data from incoming network packets.  I was planning to use this
function to check data in incoming SMB packets.  This bug causes all kinds of
well-meaning security checks to silently fail.  I also compiled Samba and my
Linux kernel with gcc 4.1.  I'm feeling very uncomfortable now.  Please release
a fixed gcc version ASAP!

------- Comment #1 From Andrew Pinski 2006-04-17 02:27 -------

*** This bug has been marked as a duplicate of 26763 ***
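
Added example, not part of the report or of GCC: a variant of the reporter's check that does its arithmetic on `uintptr_t` instead of forming `c+len`, since pointer arithmetic that overflows is undefined in C while unsigned integer wraparound is not. The names `range_ptrinbuf_u`, `range_spaninbuf_u` and `demo_buf` are this example's own, it assumes a flat address space, and the span check goes beyond the single-pointer case in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer standing in for a received packet. */
static const char demo_buf[16];

/* Hypothetical variant of the report's range_ptrinbuf: is ptr inside
 * [buf, buf+len)? All arithmetic is on uintptr_t, where wraparound is
 * well defined, so the overflow test cannot be assumed away.
 * Assumes a flat address space (integer order == pointer order). */
static int range_ptrinbuf_u(const void *buf, size_t len, const void *ptr)
{
    uintptr_t base = (uintptr_t)buf, p = (uintptr_t)ptr;

    if (buf == NULL)
        return 0;
    if (len > UINTPTR_MAX - base)   /* integer form of "c+len>c" */
        return 0;
    if (p < base)                   /* ptr below the buffer */
        return 0;
    return p - base < len;
}

/* Generalization: do the n bytes starting at ptr fit inside the buffer?
 * Subtracting from len avoids computing ptr+n, which could wrap. */
static int range_spaninbuf_u(const void *buf, size_t len,
                             const void *ptr, size_t n)
{
    uintptr_t base = (uintptr_t)buf, p = (uintptr_t)ptr;

    if (buf == NULL || len > UINTPTR_MAX - base || p < base)
        return 0;
    if (p - base > len)
        return 0;
    return n <= len - (p - base);
}

int main(void)
{
    /* The report's test case: a length of (unsigned long)-1 is rejected. */
    printf("%d\n", range_ptrinbuf_u(demo_buf, (size_t)-1, demo_buf + 1));
    printf("%d\n", range_ptrinbuf_u(demo_buf, sizeof demo_buf, demo_buf + 1));
    printf("%d\n", range_spaninbuf_u(demo_buf, sizeof demo_buf, demo_buf + 8, 9));
    return 0;
}
```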
