This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] C undefined behavior fix
- From: Paul Mackerras <paulus at samba dot org>
- To: Joe Buck <jbuck at synopsys dot COM>
- Cc: dewar at gnat dot com, velco at fadata dot bg, gcc at gcc dot gnu dot org, linux-kernel at vger dot kernel dot org, linuxppc-dev at lists dot linuxppc dot org, trini at kernel dot crashing dot org
- Date: Thu, 3 Jan 2002 14:12:19 +1100 (EST)
- Subject: Re: [PATCH] C undefined behavior fix
- References: <20020102235318.26F2FF2EC7@nile.gnat.com><200201022359.PAA05815@atrus.synopsys.com>
- Reply-to: paulus at samba dot org
Joe Buck writes:
> There is already such a project under development: see
>
> http://gcc.gnu.org/projects/bp/main.html
>
> This is a modification to gcc that implements pointers as triples.
> While there is a performance penalty for doing this, it can completely
> eliminate the problem of exploitable buffer overflows. However, programs
> that violate the rules of ISO C by generating out-of-range pointers will
> fail.

What will it do if I cast a pointer to unsigned long? Or if I cast an
unsigned long to a pointer? The kernel does both of these things, and
in a lot of places.

Part of my beef with what gcc-3 is doing is that I take a pointer,
cast it to unsigned long, do something to it, cast it back to a
pointer, and gcc _still_ thinks it knows what I am doing. It
doesn't.

Paul.
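
The following sketch is an added example, not part of the message above and not code from the GCC bounded-pointers project. It models a pointer as a (value, base, extent) triple to show why the pointer-to-integer round trip raised in the question is the hard case: the integer holds only the address. All names (`struct bptr`, `bptr_*`) are hypothetical, and giving a pointer rebuilt from an integer an empty range is an assumed policy chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bounded pointer: an address plus the bounds of its object. */
struct bptr {
    char *value;   /* current address */
    char *base;    /* first valid byte of the object */
    char *extent;  /* one past the last valid byte */
};

/* Create a bounded pointer to an object of `size` bytes. */
struct bptr bptr_make(void *obj, size_t size)
{
    struct bptr p = { (char *)obj, (char *)obj, (char *)obj + size };
    return p;
}

/* Arithmetic changes only the value; base and extent travel unchanged. */
struct bptr bptr_add(struct bptr p, ptrdiff_t n)
{
    p.value = (char *)((uintptr_t)p.value + (uintptr_t)n);
    return p;
}

/* Checked load: 0 and the byte in *out, or -1 if outside [base, extent). */
int bptr_load(struct bptr p, char *out)
{
    if (p.base == NULL || p.value < p.base || p.value >= p.extent)
        return -1;
    *out = *p.value;
    return 0;
}

/* Cast to integer: only the address fits (assumes unsigned long is
 * pointer-sized, as on the kernel's targets); the bounds are dropped. */
unsigned long bptr_to_ulong(struct bptr p)
{
    return (unsigned long)(uintptr_t)p.value;
}

/* Cast back: the integer carries no bounds. Assumed policy for this
 * sketch: empty range, so every checked access through it fails. */
struct bptr bptr_from_ulong(unsigned long v)
{
    struct bptr p = { (char *)(uintptr_t)v, NULL, NULL };
    return p;
}
```

Under this assumed policy, a pointer that is cast to `unsigned long`, adjusted, and cast back still addresses valid memory but fails every checked access, because nothing in the integer says which object it came from.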