US-CERT Vulnerability Note VU#162289
Mark Mitchell
mark@codesourcery.com
Tue Apr 8 16:07:00 GMT 2008
Daniel Jacobowitz wrote:
> On Tue, Apr 08, 2008 at 01:09:18PM +0100, Dave Korn wrote:
>> ~ $ gcc -O3 -S -xc -o 2.s -
>> extern void foo (char *buf, int len);
>> extern void bar (char *buf);
>>
>> void foo (char *buf, int len)
>> {
>> if (buf+len < buf)
>> {
>> bar (buf);
>> }
>> return;
>> }
>
> Note that if buf is a char *, there's no way to know that it's the
> start of an object. So you're not testing the same thing they were
> talking about; calling foo (&str[2], -1) is completely valid C.
Exactly.
Dave, that's why my test example had the:
len = 1 << 30;
line. The compiler has to know that the value of len is non-negative in
order to do the optimization. Using an "unsigned int len" parameter
should also give it that information, but the version I had was designed
to closely resemble the case shown to me by CERT, which used a signed
variable.
Thanks,
--
Mark Mitchell
CodeSourcery
mark@codesourcery.com
(650) 331-3385 x713
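As an added illustration of the point Mark makes above (this is editor-supplied example code, not code from the thread, from CodeSourcery, or from the CERT note), the block below puts the wraparound idiom next to a length-based check. It assumes a small append routine writing into a caller-supplied buffer; the function names and the 16-byte scratch buffer are inventions for the example. Once len has a type or a known value that tells the compiler it is non-negative, forming buf + len outside the object is undefined behaviour, so the comparison in append_by_pointer_wrap may be folded to "never true" at -O2/-O3; append_by_length does the same test on sizes, where the arithmetic is well defined, and also rejects a len close to SIZE_MAX that would wrap any offset addition.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "Before" form, the idiom discussed in VU#162289: detect overflow by
 * forming dst + off + len and comparing it with dst + off.  len is size_t
 * here, so the compiler knows it is non-negative; because a pointer outside
 * the object is undefined, GCC may treat the comparison as always false and
 * delete it.  Kept only for contrast; never call it with an off/len that
 * would actually leave dst[]. */
int append_by_pointer_wrap(char *dst, size_t cap, size_t off,
                           const char *src, size_t len)
{
    (void)cap;                          /* the idiom never consults the real capacity */
    if (dst + off + len < dst + off)    /* undefined on overflow; may be optimised away */
        return -1;
    memcpy(dst + off, src, len);
    return 0;
}

/* Hardened form: do the arithmetic on sizes, not on pointers.  Each
 * subtraction is guarded so it cannot underflow, and no pointer outside
 * [dst, dst + cap] is ever formed. */
int append_by_length(char *dst, size_t cap, size_t off,
                     const char *src, size_t len)
{
    if (off > cap)                      /* offset already past the end */
        return -1;
    if (len > cap - off)                /* not enough room; also catches len near SIZE_MAX */
        return -1;
    memcpy(dst + off, src, len);
    return 0;
}

/* Exercise the hardened check against a fixed 16-byte scratch buffer
 * (constructed test fixture).  Returns 0 on success, -1 when rejected. */
int try_append(size_t off, size_t len)
{
    char scratch[16] = {0};
    static const char src[] = "0123456789abcdef";  /* 16 bytes plus NUL */
    /* any len that reaches memcpy is <= 16 - off <= 16, so src is never over-read */
    return append_by_length(scratch, sizeof scratch, off, src, len);
}

int main(void)
{
    printf("0+5  into 16 bytes: %d\n", try_append(0, 5));
    printf("11+5 into 16 bytes: %d\n", try_append(11, 5));
    printf("12+5 into 16 bytes: %d\n", try_append(12, 5));
    printf("20+1 into 16 bytes: %d\n", try_append(20, 1));
    printf("15+SIZE_MAX       : %d\n", try_append(15, SIZE_MAX));
    return 0;
}
```

To see the folding itself, compile append_by_pointer_wrap with gcc -O3 -S as in Dave's command line and look for the comparison in the output; with the length-based version the two compares survive at every optimisation level because they are ordinary integer tests.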