This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: ACATS c380004


* Richard Kenner:

>     Well, the information from valgrind shows that bad code is being
>     produced (eg: silly arg (-2147483640) to malloc()).  
>
> Right.  It's trying to allocate an amount of memory that overflows because
> it thinks it needs to allocate an array of 2**32 entries.  This can either
> end up allocating zero bytes, a negative number, or a large positive
> number depending on a lot of random things.

Actually, this is a security issue.  I've even written an advisory for
it, but I received hardly any feedback.

  <http://cert.uni-stuttgart.de/advisories/calloc.php>

operator new[] in C++ is also affected.
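
The size overflow discussed in this message, as an added example that is not part of the original post or of GCC: it models a 32-bit `size_t` with `uint32_t` to show how an element count times an element size wraps, then shows an overflow check before allocation. The function names (`wrapped_bytes32`, `checked_bytes`, `alloc_array`) and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Models a 32-bit size_t: the byte count is silently truncated to 32 bits,
 * which is what an unchecked count * size does on such a target. */
uint32_t wrapped_bytes32(uint64_t count, uint32_t elem_size)
{
    return (uint32_t)(count * elem_size);
}

/* Stores count * size in *out and returns 1 if the product fits in size_t;
 * returns 0 (leaving *out untouched) if it would overflow. */
int checked_bytes(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size)
        return 0;
    *out = count * size;
    return 1;
}

/* Hypothetical array allocator: refuses the request instead of handing back
 * a buffer that is smaller than the caller believes. */
void *alloc_array(size_t count, size_t size)
{
    size_t bytes;
    if (!checked_bytes(count, size, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1);
}

int main(void)
{
    /* Constructed inputs: 2**32 four-byte entries, and a count just past
     * the point where the 32-bit product wraps. */
    printf("2**32 * 4 on 32 bits      -> %lu bytes\n",
           (unsigned long)wrapped_bytes32(1ULL << 32, 4));
    printf("0x40000002 * 4 on 32 bits -> %lu bytes\n",
           (unsigned long)wrapped_bytes32(0x40000002ULL, 4));

    void *p = alloc_array(SIZE_MAX / 4 + 2, 4);
    printf("checked allocation of overflowing request: %s\n",
           p ? "succeeded" : "refused");
    free(p);
    return 0;
}
```
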

