|
Full Disclosure
mailing list archives
Re: Major gcc 4.1.1 and up security issue
From: Marcin Owsiany <marcin () owsiany pl>
Date: Mon, 22 Jan 2007 20:42:35 +0000
On Mon, Jan 22, 2007 at 02:50:21PM -0500, Valdis.Kletnieks () vt edu wrote:
It's generally considered performance-crippling
to add inline code that does a "test condition/branch" pair after *every single*
opcode that might cause an overflow - so the C paradigm is to leave them out
and have the programmer code tests when actually needed.
Right, seems that I had too much Java for too long recently - I tend to
think of terms of exceptions being thrown in such cases, not
assembly-level flag checking...
You think it's bad *now*, where you have to force-feed a 2-billion-something
value in to cause an integer overflow, you obviously aren't old enough to have
programmed on 16-bit machines, where numbers around 32,000 were sufficient,
Actually, I'm old enough to have programmed on 8-bit machines, but we're
getting off-topic here :-)
Marcin
--
Marcin Owsiany <marcin () owsiany pl> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
"Every program in development at MIT expands until it can read mail."
-- Unknown
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Major gcc 4.1.1 and up security issue, (continued)
- Message not available
Re: Major gcc 4.1.1 and up security issue Gwiasda Patrick (Jan 16)
Re: Major gcc 4.1.1 and up security issue Glenn.Everhart (Jan 22)
| 
Intro
