This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Signed int overflow behaviour in the security context

From: James Dennett <jdennett at acm dot org>
To: gcc at gcc dot gnu dot org
Date: Tue, 23 Jan 2007 23:05:49 -0800
Subject: Re: Signed int overflow behaviour in the security context
References: <45B4C11A.305@andreas.org> <m3ejpmc1op.fsf@localhost.localdomain> <45B54D40.1090107@andreas.org> <20070123000833.GY31955@synopsys.com> <45B585D1.1080202@andreas.org> <m3ejpm8hk0.fsf@localhost.localdomain> <45B5C12C.4030003@andreas.org> <4aca3dc20701230845l48940calc762194cd5f029c8@mail.gmail.com> <45B64108.9020603@andreas.org> <m3ac097iy6.fsf@localhost.localdomain> <45B68F80.5080701@andreas.org> <10701240158.AA23895@vlsi1.ultra.nyu.edu>

Richard Kenner wrote:
>> Oh, and teaching all of the programmers out there all the subtle nuances
>> of C and trying to get them to write proper code: good luck.  That
>> simply won't happen.
> 
> If people who write security-critical code in a programming language
> can't take time to learn the details of that language relevant to
> security issues (such as overflow handling),

Many of them can't, or don't...

> I think our society is in
> a great deal of trouble.

Your conclusion may well be correct.  The question for this group is:
what's the best that GCC can do to serve the community/society?

-- James

Follow-Ups:
- Re: Signed int overflow behaviour in the security context
  - From: Richard Kenner

References:
- Signed int overflow behaviour in the security context
  - From: Andreas Bogk
- Re: Signed int overflow behaviour in the security context
  - From: Ian Lance Taylor
- Re: Signed int overflow behaviour in the security context
  - From: Andreas Bogk
- Re: Signed int overflow behaviour in the security context
  - From: Joe Buck
- Re: Signed int overflow behaviour in the security context
  - From: Andreas Bogk
- Re: Signed int overflow behaviour in the security context
  - From: Ian Lance Taylor
- Re: Signed int overflow behaviour in the security context
  - From: Andreas Bogk
- Re: Signed int overflow behaviour in the security context
  - From: Daniel Berlin
- Re: Signed int overflow behaviour in the security context
  - From: Andreas Bogk
- Re: Signed int overflow behaviour in the security context
  - From: Ian Lance Taylor
- Re: Signed int overflow behaviour in the security context
  - From: Andreas Bogk
- Re: Signed int overflow behaviour in the security context
  - From: Richard Kenner

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]