This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: US-CERT Vulnerability Note VU#162289
On Tue, Apr 08, 2008 at 01:09:18PM +0100, Dave Korn wrote:
> ~ $ gcc -O3 -S -xc -o 2.s -
> extern void foo (char *buf, int len);
> extern void bar (char *buf);
>
> void foo (char *buf, int len)
> {
>   if (buf+len < buf)
>   {
>     bar (buf);
>   }
>   return;
> }
Note that if buf is a char *, there's no way to know that it's the
start of an object. So you're not testing the same thing they were
talking about; calling foo (&str[2], -1) is completely valid C.
--
Daniel Jacobowitz
CodeSourcery
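
The distinction drawn in this message, as an added example that is not part of the original post or of GCC: when `buf` may point into the middle of an object, a negative `len` is legitimate, so a range check has to be written against the object's known bounds rather than against pointer wraparound. The helper name `offset_in_object`, its `base`/`size` parameters and the sample array are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample object; foo (&str[2], -1) from the message refers to
 * a pointer into the middle of an array like this one. */
static char str[8];

/*
 * Hypothetical helper (not from the thread): returns 1 when buf + len stays
 * inside [base, base + size], 0 otherwise. It never forms an out-of-range
 * pointer, so there is no wraparound test for the optimizer to reason about.
 * Assumption: the caller knows the enclosing object (base, size) and buf
 * points into it or one past its end.
 */
static int offset_in_object(const char *base, size_t size,
                            const char *buf, int len)
{
    ptrdiff_t pos = buf - base;   /* defined: same object */

    if (pos < 0 || (size_t)pos > size)
        return 0;
    if (len >= 0)                 /* forward: room left after buf */
        return (size_t)len <= size - (size_t)pos;
    /* backward: need -len <= pos; -(len + 1) cannot overflow at INT_MIN */
    return (size_t)(-(len + 1)) < (size_t)pos;
}

int main(void)
{
    printf("%d\n", offset_in_object(str, sizeof str, &str[2], -1));
    printf("%d\n", offset_in_object(str, sizeof str, &str[2], -3));
    printf("%d\n", offset_in_object(str, sizeof str, &str[2], 7));
    return 0;
}
```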