Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

["Forrest J. Cavalier III" <mibsoft@xxxxxxxxxxxxxxx>]

Felix von Leitner wrote:
> I wrote a small library of functions to do typical range checks as they
> are needed in code that handles incoming packets or messages from
> untrusted sources.  My impetus was SMB code, in case you want to know.
>
> Here is one of my functions:
>
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* 
> ptr) {
>   register const char* c=(const char*)buf;      /* no pointer arithmetic on 
> void* */
>   return (c && c+len>c && (const char*)ptr-c<len);
> }
>
> Of course, when developing security critical code like this, you also
> write a good test suite for it, that exercises all the cases.  Here is
> part of my test suite:
>
>   assert(range_ptrinbuf(buf,(unsigned long)-1,buf+1)==0);

Overflow tests are hard to get right in a platform-independent way.

What if your sizeof(ptrdiff_t) != sizeof(unsigned long)?

And what do think about this:

   http://c0x.coding-guidelines.com/6.5.6.html#1160

?  Can we be sure ptr-c is defined?  Even when ptr < buf?  Even when
ptr > c + len + 1?