This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Document arithmetic overflow semantics

From: Mark Hahn <hahn at physics dot mcmaster dot ca>
To: gcc at gcc dot gnu dot org
Date: Sat, 15 Feb 2003 13:53:56 -0500 (EST)
Subject: Re: [PATCH] Document arithmetic overflow semantics

> > The apt_get_chunk_size bug referenced in the end was actually
> > exploited by a worm.
> > 
> > Typical C programmers do not understand the issue.  The rebel inside
> > still thinks that GCC should optimize aggressively in this area, just
> > to prove the point that C is unusable for any real work, but I doubt
> > that this is practical.
> 
> We should document options encouraged for compiling secure code.  This

yes!  I'm a lowly gcc end-user, but I'm apalled that gcc-gods would 
even consider compromising optimization in favor of some nebulous 
make-bugs-safer argument.

gcc is not a security-fix tool.  please permit users to select 
absolute-max-optimization somehow; this is orthogonal to gcc's 
extremely valuable diagnostics about undefined/questionable code.

thanks, mark hahn.

Follow-Ups:
- Re: [PATCH] Document arithmetic overflow semantics
  - From: Neil Booth

References:
- Re: [PATCH] Document arithmetic overflow semantics
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]