[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Major gcc 4.1.1 and up security issue
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Major gcc 4.1.1 and up security issue
- From: Marcin Owsiany <marcin@xxxxxxxxxx>
- Date: Mon, 22 Jan 2007 20:42:35 +0000
On Mon, Jan 22, 2007 at 02:50:21PM -0500, Valdis.Kletnieks@xxxxxx wrote:
> It's generally considered performance-crippling
> to add inline code that does a "test condition/branch" pair after *every
> single*
> opcode that might cause an overflow - so the C paradigm is to leave them out
> and have the programmer code tests when actually needed.
Right, seems that I had too much Java for too long recently - I tend to
think of terms of exceptions being thrown in such cases, not
assembly-level flag checking...
> You think it's bad *now*, where you have to force-feed a 2-billion-something
> value in to cause an integer overflow, you obviously aren't old enough to have
> programmed on 16-bit machines, where numbers around 32,000 were sufficient,
Actually, I'm old enough to have programmed on 8-bit machines, but we're
getting off-topic here :-)
Marcin
--
Marcin Owsiany <marcin@xxxxxxxxxx> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
"Every program in development at MIT expands until it can read mail."
-- Unknown
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/