Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
- From: jat-public01@xxxxxxxx
- Date: 18 Apr 2006 15:44:18 -0000
Are you certain that should fail?

(unsigned long)-1 is a word with all bits set (on a two's-complement machine),
so I believe the result should be undefined with regard to overflow adding a
pointer.

It certainly seems reasonable for a compiler to optimize away a test for a
pointer in the range of p to p+MAXINT-1, if p has the same number of bits as
MAXINT.

If you really want to test for negative buffer sizes, you need to declare the
length as long rather than unsigned long.

John Tamplin
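
Added example (not part of the message or the thread): a C sketch of the kind of pointer range check discussed above, next to a form that does not depend on pointer overflow. The function names and the 16-byte buffer are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Fragile: depends on p + len wrapping around for a huge len. Forming a
 * pointer past one-past-the-end of the object is undefined behaviour, so
 * the compiler may assume p + len >= p and delete the first test. */
static int in_range_fragile(const char *p, const char *end, unsigned long len)
{
    if (p + len < p)            /* may be optimized away */
        return 0;
    return p + len <= end;
}

/* Robust: compares len with the space remaining and never forms an
 * out-of-range pointer, so there is nothing for the optimizer to drop. */
static int in_range_checked(const char *p, const char *end, unsigned long len)
{
    if (p > end)
        return 0;
    return len <= (unsigned long)(end - p);
}

int main(void)
{
    char buf[16];               /* constructed sample buffer */
    const char *end = buf + sizeof buf;

    /* The fragile form is only called with an in-range length here;
     * calling it with (unsigned long)-1 would itself be undefined. */
    printf("fragile, len=8:  %d\n", in_range_fragile(buf, end, 8));
    printf("checked, len=16: %d\n", in_range_checked(buf, end, 16));
    printf("checked, len=17: %d\n", in_range_checked(buf, end, 17));
    printf("checked, len=-1: %d\n",
           in_range_checked(buf, end, (unsigned long)-1));
    return 0;
}
```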