This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug tree-optimization/81694] VRP optimization may introduce buffer overflow vulnerabilities into applications
- From: "scdengyuan at gmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Thu, 03 Aug 2017 13:41:21 +0000
- Subject: [Bug tree-optimization/81694] VRP optimization may introduce buffer overflow vulnerabilities into applications
- Auto-submitted: auto-generated
- References: <bug-81694-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81694
--- Comment #7 from Yuan Deng <scdengyuan at gmail dot com> ---
When compiled with O0 or O1, the program works well; in spite of val being overflowed, the program is actually very safe and cannot be exploited.
But when compiled with O2 or O3, the result is different. The program gets a buffer overflow and can be exploited.
Actually, in my security research work, I have discovered many exploitable vulnerabilities with this root cause in some products.
When compiled without VRP optimization, the vulnerability disappeared. But if compiled with VRP optimization, the vulnerability is back.
So, I think it's definitely GCC's responsibility. It's GCC's optimization which turns a non-exploitable program into an exploitable program.
2017-08-03 21:17 GMT+08:00 pinskia at gcc dot gnu.org
<gcc-bugzilla@gcc.gnu.org>:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81694
>
> --- Comment #6 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
> Overflow cannot be checked after the fact. It needs to be checked before the
> overflow has happened. Just like a buffer overflow should not be checked
> after.
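The point both comments are making, as an added example that is not code from the bug report or from GCC: a signed-overflow check written after the addition (the pattern the reporter describes losing at O2/O3) next to the same bound check done before the arithmetic, as Comment #6 advises. The buffer size, the function names and the sample offsets are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* hypothetical fixed-size destination buffer */

/* "After the fact" check: the signed addition is performed first and the
   result is inspected afterwards.  Signed overflow is undefined behaviour in
   C, so value-range propagation is entitled to assume val + len >= val and
   may delete the branch entirely at -O2/-O3.  At -O0/-O1 the branch usually
   survives, which is why the program looks safe there.  Kept only to show the
   pattern; its result depends on the optimisation level, not on the inputs. */
bool offset_ok_after_the_fact(int val, int len)
{
    int sum = val + len;          /* may overflow: undefined behaviour */
    if (sum < val)                /* optimiser may treat this as always false */
        return false;
    return sum <= BUF_SIZE;
}

/* Check before the overflow can happen, using only well-defined arithmetic
   on the operands.  (__builtin_add_overflow is an equivalent GCC route.) */
bool offset_ok_before(int val, int len)
{
    if (val < 0 || len < 0)
        return false;
    if (len > INT_MAX - val)      /* val + len would overflow: reject */
        return false;
    return val + len <= BUF_SIZE; /* now well-defined */
}

/* Copies len bytes to buf + val only when the bound is proven in advance.
   Returns 0 on success, -1 when the write would leave the buffer. */
int write_at_offset(char *buf, int val, const char *src, int len)
{
    if (!offset_ok_before(val, len))
        return -1;
    memcpy(buf + val, src, (size_t)len);
    return 0;
}

int main(void)
{
    char buf[BUF_SIZE];
    /* constructed inputs: an in-bounds write and an overflowing offset */
    printf("60+4  -> %d\n", write_at_offset(buf, 60, "abcd", 4));
    printf("INT_MAX-1+4 -> %d\n", write_at_offset(buf, INT_MAX - 1, "abcd", 4));
    return 0;
}
```

Compile the block at -O0 and again at -O2 and compare what offset_ok_before returns for the second input with what offset_ok_after_the_fact returns; only the pre-check version gives the same answer at every level.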