Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
From: jat-public01@xxxxxxxx
Date: 18 Apr 2006 15:44:18 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Are you certain that should fail?

(unsigned long)-1 is a word with all bits set (on a twos-complement machine), 
so I believe the result should be undefined with regard to overflow adding a 
pointer.

It certainly seems reasonable for a compiler to optimize away a test for a 
pointer in the range of p to p+MAXINT-1, if p has the same number of bits as 
MAXINT.

If you really want to test for negative buffer sizes, you need to declare the 
length as long rather than unsigned long.

John Tamplin

Prev by Date: Re: [Full-disclosure] [Argeniss] Alert - Yahoo! Webmail XSS
Next by Date: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Previous by thread: RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
Next by thread: Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
Index(es):
- Date
- Thread