This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: ACATS c380004
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: kenner at vlsi1 dot ultra dot nyu dot edu (Richard Kenner)
- Cc: duncan dot sands at math dot u-psud dot fr, gcc at gcc dot gnu dot org
- Date: Fri, 07 Jan 2005 16:37:57 +0100
- Subject: Re: ACATS c380004
- References: <10501071528.AA15192@vlsi1.ultra.nyu.edu>
* Richard Kenner:
> Well, the information from valgrind shows that bad code is being
> produced (eg: silly arg (-2147483640) to malloc()).
>
> Right. It's trying to allocate an amount of memory that overflows because
> it thinks it needs to allocate an array of 2**32 entries. This can either
> end up allocating zero bytes, a negative number, or a large positive
> number depending on lot of random things.
Actually, this is a security issue. I've even written an advisory for
it, but I received hardly any feedback.
<http://cert.uni-stuttgart.de/advisories/calloc.php>
operator new[] in C++ is also affected.