Bug#482698: CVE-2008-1685: removes possible protection mechanism against overflows
On Sun, May 25, 2008 at 12:17:22AM +1000, Steffen Joeris wrote:
> gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not
> used, considers the sum of a pointer and an int to be greater than or
> equal to the pointer, which might remove length testing code that was
> intended as a protection mechanism against integer overflow and buffer
> overflow attacks.
No bug in gcc. Pointers have no defined overflow behaviour in C. See
#472867 for another example.
Bastian
--
Yes, it is written. Good shall always destroy evil.
-- Sirah the Yang, "The Omega Glory", stardate unknown
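
The kind of length test the CVE text describes, next to one that does not depend on pointer overflow. This is an added example, not code from the bug report or from gcc; the function names and the 8-byte sample buffer are made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fragile pattern: expects buf + len to wrap around for a huge len.
 * Forming a pointer beyond the object is undefined, so the compiler may
 * assume buf + len >= buf and delete the first test entirely. */
int fits_fragile(const char *buf, const char *end, unsigned int len)
{
    if (buf + len < buf)      /* may be optimized away */
        return 0;
    return buf + len <= end;
}

/* Robust form: compare len with the space left; no out-of-range pointer
 * is ever computed, so there is nothing for the optimizer to assume. */
int fits_checked(const char *buf, const char *end, size_t len)
{
    return buf <= end && len <= (size_t)(end - buf);
}

/* Append len bytes at offset used in dst (capacity cap); returns the new
 * fill level, or (size_t)-1 if the data does not fit. */
size_t append_checked(char *dst, size_t cap, size_t used,
                      const char *src, size_t len)
{
    if (used > cap || !fits_checked(dst + used, dst + cap, len))
        return (size_t)-1;
    memcpy(dst + used, src, len);
    return used + len;
}

int main(void)
{
    char out[8];                         /* constructed sample buffer */
    size_t used = append_checked(out, sizeof out, 0, "abcde", 5);
    printf("after first append: %zu\n", used);
    printf("oversized append rejected: %d\n",
           append_checked(out, sizeof out, used, "wxyz", 4) == (size_t)-1);
    printf("huge length rejected: %d\n",
           !fits_checked(out, out + sizeof out, (size_t)-1));
    return 0;
}
```
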