[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?


I came across this paper:

>From this PDF:

"We implement this approach in a static checker called Stack, and use it
to show that unstable code is present in a wide range of systems
software, including the Linux kernel and the Postgres database. We
estimate that unstable code exists in 40% of the 8,575 Debian Wheezy
packages that contain C / C++ code."

So, they pretend that an estimated 3430 Debian packages in Wheezy
contain code which GCC optimize, resulting in unexpected behaviors,
leading to bugs and security vulnerabilities.

I haven't checked for these facts myself due to lack of time, which is
why I just post here. I think this paper is interesting anyway, and
worth sharing.

Thoughts anyone?


Thomas Goirand (zigo)

Reply to: