https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91946
Bug ID: 91946
Summary: wrong result comparing pointer with pointer+offset with -m32
Product: gcc
Version: 9.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: tim.ruehsen at gmx dot de
Target Milestone: ---

The following code compiled with -m32 (alternatively when on a 32-bit system) shows wrong output with gcc 8.3.0 and gcc 9.2.1. gcc 7.4.0 is not affected. This leads to a possible RCE (remote code execution) in at least one real-world executable.

    #include <stddef.h>
    #include <stdio.h>

    int main(void)
    {
        /* address and offset chosen so that a + n wraps past 0xffffffff on 32-bit */
        char *a = (char *)0xf3e0080c;
        size_t n = 235429897;
        char *b = a + n;

        printf("%p %p %d %d\n", a, a + n, a > a + n, a > b);
        return 0;
    }

output with gcc 8.3.0 and 9.2.1:

    0xf3e0080c 0x1e86815 0 1

output with gcc 7.4.0:

    0xf3e0080c 0x1e86815 1 1

output with clang 8.0.1:

    0xf3e0080c 0x1e86815 1 1

expected output:

    0xf3e0080c 0x1e86815 1 1
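The comparison in the report, a > a + n, is the classic "did the offset wrap?" check written on pointers. Forming a + n that points outside the object a points into is undefined behaviour in C, so once the optimizer assumes no such overflow it may fold the comparison to 0 for an unsigned n, which is the 0 in the gcc 8/9 column above, and any length check built on it silently stops working. The block below is an added example, not code from the bug report or from the affected program: it keeps the report's pattern next to two ways of asking the same question with defined semantics, an overflow check done on uintptr_t values, and a length-prefixed field reader that bounds the length against the bytes remaining in the buffer instead of comparing pointers past its end. The packet layout (one length byte followed by the payload) and the sample packet are constructed for this example; the function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The check as it appears in the report: "did adding n to a wrap?" asked as a
 * pointer comparison. Once a + n leaves the object a points into, forming it is
 * undefined behaviour, so for unsigned n the optimizer may treat a > a + n as
 * always false. Kept only to show the pattern; it is only ever called here with
 * an in-bounds offset, where the comparison is well defined. */
static int overflow_check_ub(const char *a, size_t n)
{
    return a > a + n;
}

/* Same question with defined semantics: convert to uintptr_t first. Unsigned
 * arithmetic wraps by definition and no pointer past the object is ever formed,
 * so the compiler cannot fold this away. */
static int offset_wraps(const char *a, size_t n)
{
    return n > UINTPTR_MAX - (uintptr_t)a;
}

/* What a parser should do instead: compare the length field against the bytes
 * remaining in the buffer, never cur + n against end. Reads one length-prefixed
 * field (1 length byte, then payload; a constructed layout for this example,
 * not a real protocol) at *pos into out. Returns the payload length, or -1 if
 * the field does not fit in the buffer or in out. */
static int read_len_prefixed(const unsigned char *buf, size_t buf_len,
                             size_t *pos, unsigned char *out, size_t out_len)
{
    if (*pos >= buf_len)
        return -1;
    size_t n = buf[*pos];
    size_t remaining = buf_len - *pos - 1;   /* bytes after the length byte */
    if (n > remaining || n > out_len)
        return -1;
    memcpy(out, buf + *pos + 1, n);
    *pos += 1 + n;
    return (int)n;
}

int main(void)
{
    /* constructed packet: a 3-byte field, then a field claiming 255 bytes */
    const unsigned char pkt[] = { 0x03, 'a', 'b', 'c', 0xff, 'x' };
    unsigned char out[16];
    size_t pos = 0;

    int r1 = read_len_prefixed(pkt, sizeof pkt, &pos, out, sizeof out);
    int r2 = read_len_prefixed(pkt, sizeof pkt, &pos, out, sizeof out);
    printf("field 1: %d bytes, field 2: %d (rejected)\n", r1, r2);

    /* an address 10 bytes below the top of the address space: offset 11 wraps,
     * offset 10 does not */
    const char *near_top = (const char *)(UINTPTR_MAX - 10);
    printf("offset 11 wraps: %d, offset 10 wraps: %d\n",
           offset_wraps(near_top, 11), offset_wraps(near_top, 10));

    /* the UB form with an in-bounds offset, where it is defined and false */
    char local[16];
    printf("in-bounds pointer compare: %d\n", overflow_check_ub(local, 4));
    return 0;
}
```

The uintptr_t form is the minimal fix for code that genuinely needs to reason about raw addresses; the remaining-bytes form is what a message parser should use, because it never needs to know where the address space ends and cannot be folded away by any optimizer.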