
Re: MIT discovered issue with gcc



On 11/22/2013 7:34 PM, Andrew McGlashan wrote:

> http://www.securitycurrent.com/en/research/ac_research/mot-researchers-uncover-security-flaws-in-c

"the team ran Stack against the Debian Linux archive, of which 8575 out
of 17432 packages contained C/C++ code.  For a whopping 3471 packages,
STACK detected at least one instance of unstable code."

So 3471 Wheezy packages had one or more instances of gcc introduced
anomalies.  And the kernel binary they tested had 32.

As an end user I'm not worried about this at all.  But I'd think
developers may want to start taking a closer look at how gcc does its
optimizations and creates these anomalies.  If the flaws are serious
they should obviously take steps to mitigate or eliminate this.

I didn't read the full paper yet, but I'm wondering how/if the
optimization flag plays a part in this.  I.e. does "O2" produce these
bugs but "O0" (default) or "Og" (debugging) does not?

-- 
Stan

