This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: US-CERT Vulnerability Note VU#162289

From: Joe Buck <Joe dot Buck at synopsys dot COM>
To: "Robert C. Seacord" <rcs at cert dot org>
Cc: mark at codesourcery dot com, gcc at gcc dot gnu dot org, Chad Dougherty <crd at cert dot org>
Date: Mon, 7 Apr 2008 11:00:27 -0700
Subject: Re: US-CERT Vulnerability Note VU#162289
References: <47FA59B5.5000606@cert.org>

On Mon, Apr 07, 2008 at 01:28:21PM -0400, Robert C. Seacord wrote:
> You are also right that the popularity of gcc is one of the reasons we 
> decided to publish on this.  If you identify other compilers that a) are 
> relatively popular, b) have changed their behavior recently, and c) 
> silently optimize out overflow checks we will consider publishing 
> vulnerability notes for those compilers as well.

What is the justification for requirement b)?  We identified two distinct
proprietary compilers that also do this optimization, but it isn't a
recent change in behavior.

Follow-Ups:
- Re: US-CERT Vulnerability Note VU#162289
  - From: Robert C. Seacord

References:
- Re: US-CERT Vulnerability Note VU#162289
  - From: Robert C. Seacord

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]