This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PR19351, C++] Fix heap overflow in operator new[]
On 2/7/2011 9:19 AM, Gabriel Dos Reis wrote:
> How is it conservative to enable a compiler bug by default and let it be
> a known vector for security hole?
On many systems it's not a security hole -- because there is no concept
of security in the sense of a "kernel" vs. "userspace", or, even
"security" at all.
I realize you think it's a compiler bug, but even if it is, it's
certainly not a bug in the sense that calling the wrong virtual function
would be a bug, or in the sense that computing "2 + 2" and getting "5"
would be a bug.
When an application programmer compiles with a new version of GCC and
sees that their application has gotten bigger, there natural tendency is
to believe that reflects something wrong with the compiler. If their
application is such that there was no risk of overflow before (either
because the inputs were chosen such that this is impossible, or because
they explicitly checked for overflow in their own code), then we have
introduced a cost, with no benefit to them.
I have already told you how to get the outcome you desire: convince
Nathan and Jason. Please take it up with them; there is no benefit to
you in arguing about it with me at this point.
--
Mark Mitchell
CodeSourcery
mark@codesourcery.com
(650) 331-3385 x713
- References:
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]
- Re: [PR19351, C++] Fix heap overflow in operator new[]