This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: GCC 3.0.3 PRs

From: Benjamin Kosnik <bkoz at redhat dot com>
To: Joe Buck <jbuck at synopsys dot com>
Cc: Mark Mitchell <mark at codesourcery dot com>, gcc at gcc dot gnu dot org, toon at moene dot indiv dot nluug dot nl
Date: Fri, 7 Dec 2001 16:03:56 -0800 (PST)
Subject: Re: GCC 3.0.3 PRs


> I think that 3720 should be considered a must-fix.  If people use stream
> I/O in security-critical programs, this kind of buffer overflow could lead
> to root exploits in programs that would be perfectly safe with a
> correct iostreams implementation.  I don't think it's ethical for us to
> ship with such a bug.

this is fixed in mainline by breaking the ABI.

> Also, it shouldn't be hard to fix it once agreement is reached on how.
> All that's needed is an upper bound on buffer size.

about 4962 bytes, apparently

Mark, I'm too busy to do this before Dec 15 sorry

Follow-Ups:
- Re: GCC 3.0.3 PRs
  - From: Mark Mitchell

References:
- Re: GCC 3.0.3 PRs
  - From: Joe Buck

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]