This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Signed int overflow behaviour in the security context


Steven Bosscher wrote:
>> "It's not my fault if people write buggy software" is a lame excuse
>> for sloppy engineering on the part of gcc.
> So basically you're saying gcc developers should compensate for other
> people's sloppy engineering?  ;-)

This might be a little exaggerated, but there's certainly some truth to
it.  Essentially, the vast majority of code in your Linux or BSD system
was written by people who have no idea about the nasty things that can
happen when their signed ints overflow.  I guess you could call that
"sloppy engineering", but unfortunately, this code and these programmers
are all that Open Source got.

The point is that gcc actually *can* compensate for this particular
problem, whereas any other approach is infeasible for the sheer volume
of code that needs to be touched.

Yup, you're giving up a little performance for that.  Yup, it's the
other people who wrote broken code, and what gcc currently does is
completely mandated by the ISO standard.  Still, we're talking about
dozens of undiscovered vulnerabilities, and just about any Linux or BSD
box out there might be affected.

Andreas
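As an added illustration (not part of this thread), here is a bounded-length check of the kind the message is about: the naive signed form, whose overflow test the compiler is entitled to drop because signed overflow is undefined, beside two forms that detect the overflow without ever performing an undefined operation. The function names are hypothetical; `__builtin_add_overflow` is a real GCC builtin.

```c
#include <limits.h>
#include <stdbool.h>

/* Constructed example: does `len + extra` bytes fit in a buffer of
 * `capacity` bytes?  All function names are hypothetical. */

/* The common-but-wrong idiom.  For signed int, `len + extra` overflowing
 * is undefined behaviour, so the compiler may assume it never happens,
 * treat `total < len` as always false and delete the test entirely.
 * (Only a mode such as gcc's -fwrapv keeps the wrap-around visible.) */
bool fits_naive(int len, int extra, int capacity)
{
    int total = len + extra;          /* UB when the sum exceeds INT_MAX */
    if (total < len)                  /* may be optimised away */
        return false;
    return total <= capacity;
}

/* Portable check: decide whether the sum *would* overflow before adding,
 * using only well-defined comparisons. */
bool fits_checked(int len, int extra, int capacity)
{
    if (len < 0 || extra < 0 || capacity < 0)
        return false;                 /* negative sizes are never valid */
    if (extra > INT_MAX - len)        /* the sum would overflow: reject */
        return false;
    return len + extra <= capacity;
}

/* Same decision via GCC's overflow builtin, which reports wrap-around
 * as a flag instead of invoking undefined behaviour. */
bool fits_builtin(int len, int extra, int capacity)
{
    int total;
    if (len < 0 || extra < 0 || capacity < 0)
        return false;
    if (__builtin_add_overflow(len, extra, &total))
        return false;                 /* overflow detected, sum discarded */
    return total <= capacity;
}
```

Compiling the naive form at -O2 and inspecting the output shows the missing comparison; the two checked forms keep their rejection path at every optimisation level.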

