This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: US-CERT Vulnerability Note VU#162289
- From: Mark Mitchell <mark at codesourcery dot com>
- To: "Robert C. Seacord" <rcs at cert dot org>
- Cc: gcc at gcc dot gnu dot org, Chad Dougherty <crd at cert dot org>
- Date: Mon, 07 Apr 2008 11:17:00 -0700
- Subject: Re: US-CERT Vulnerability Note VU#162289
- References: <47FA59B5.5000606@cert.org> <47FA631E.3010203@codesourcery.com>
Mark Mitchell wrote:
"Some compilers (including, at least, GCC, PathScale, and xlc) optimize
away incorrectly coded checks for overflow. Applications containing
these incorrectly coded checks may be vulnerable if compiled with these
compilers."
I've now been told that the LLVM compiler also does this optimization.
--
Mark Mitchell
CodeSourcery
mark@codesourcery.com
(650) 331-3385 x713