This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: US-CERT Vulnerability Note VU#162289


On Mon, Apr 07, 2008 at 02:10:04PM -0400, Robert C. Seacord wrote:
> Joe,
> 
> Response below.
> >On Mon, Apr 07, 2008 at 01:28:21PM -0400, Robert C. Seacord wrote:
> >  
> >>You are also right that the popularity of gcc is one of the reasons we 
> >>decided to publish on this.  If you identify other compilers that a) are 
> >>relatively popular, b) have changed their behavior recently, and c) 
> >>silently optimize out overflow checks we will consider publishing 
> >>vulnerability notes for those compilers as well.
> >>    
> >
> >What is the justification for requirement b)?  We identified two distinct
> >proprietary compilers that also do this optimization, but it isn't a
> >recent change in behavior.
> >  
> My thinking is that if this behavior has been in place for many years, 
> for example, users will have had the opportunity to discover the changed 
> behavior.  Our goal here is to disseminate this information more quickly.

But if your message motivates a user to switch compilers, the user might
switch from gcc to another compiler that has for a long time performed the
optimization.

