Daniel Berlin wrote:
> We ask the TBAA analyzer "can a store to a short * touch i".
> In this case, it says "no", because it's not legal.
If you know the code is not legal, why don't you abort the compilation
with an error code? The current silent behavior provides a mechanism for
creating source-code Trojans - code that on casual inspection, looks
like it does one thing but does something else. It can even mask its
behavior from debugging - e.g., typically code compiled for debugging
has the optimizer turned off, because otherwise it's too difficult to
follow the sequence of operations, variables aren't always accessible,
etc. When compiled in this manner it is completely benign. But when
built for deployment, with optimization, it's another story...
For example...
####
#include <stdio.h>
short buf[4];
char text[8];
int main(void) {
	char *c;
	int *i;
	short *s;
	/* As stored on a big-endian host these eight bytes read "rm *ps x". */
	int words[] = { 0x726d202a, 0x70732078 };
	c = (char *)words;
	if ( *c == 0x2a ) { /* little endian: byte-swap each word so memory reads "rm *ps x" */
		int j;
		j = words[0];
		c[3] = j & 0xff;
		j >>= 8;
		c[2] = j & 0xff;
		j >>= 8;
		c[1] = j & 0xff;
		j >>= 8;
		c[0] = j & 0xff;
		j = words[1];
		c += 4;
		c[3] = j & 0xff;
		j >>= 8;
		c[2] = j & 0xff;
		j >>= 8;
		c[1] = j & 0xff;
		j >>= 8;
		c[0] = j & 0xff;
	}
	s = (short *)(char *)words;	/* view the int array as shorts */
	buf[0] = s[0];			/* buf[0..1] now hold "rm *" */
	buf[1] = s[1];
	i = (int *)(char *)buf;		/* int pointer into the short array */
	*i = words[1];			/* overwrite buf[0..1] with "ps x"; under strict
					   aliasing the compiler may assume this store
					   cannot touch any short, including buf[0..1] */
	s = (short *)text;
	s[0] = buf[0];			/* without optimization text is "ps x"; an optimizer
					   trusting TBAA may reuse the earlier "rm *" */
	s[1] = buf[1];
	printf("%x %x %x %x\n", buf[0], buf[1], buf[2], buf[3] );
	puts(text);
	/* system(text); */		/* the payload: "ps x" in a debug build, "rm *" in the optimized one */
	return 0;
}
####
The above code compiles without warning with -O2 / -O3
-Wstrict-aliasing, but the result is quite different from compiling
without optimization.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
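The post above shows the aliasing-violating store next to nothing else, so the following added example (my own code, not from the post or from GCC) places the same trick beside a well-defined rewrite. `punned_copy` keeps the two violations from the post (an int store into a short array, and a char array filled through a short pointer; the initial load of the first word goes through memcpy instead of a short-pointer read of the int array). `safe_copy` performs every cross-type move with memcpy, which the compiler must treat as touching the bytes involved, so the overwrite cannot be discarded. The word constants `WORD_RM` and `WORD_PS`, the helper `put_be32` and the function `versions_agree` are mine; the two word values are the ones in the post. Only `safe_copy` has a fixed result; what `punned_copy` returns depends on the optimisation level, which is exactly the point.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input, taken from the post: two ints whose bytes spell
 * "rm *" and "ps x" when laid out most-significant byte first. */
#define WORD_RM 0x726d202au   /* "rm *" */
#define WORD_PS 0x70732078u   /* "ps x" */

/* The post's layout assumes 4-byte ints and 2-byte shorts (assumption). */
_Static_assert(sizeof(int) == 4 && sizeof(short) == 2, "expects ILP32/LP64 sizes");

/* Store v as 4 bytes, most significant first. Only char stores are used, so
 * this is valid on any host: char accesses may alias any object. */
static void put_be32(char *dst, unsigned int v)
{
    dst[0] = (char)(v >> 24);
    dst[1] = (char)(v >> 16);
    dst[2] = (char)(v >> 8);
    dst[3] = (char)v;
}

/* The post's pattern. `buf` has type short[], yet the second word is stored
 * into it through an int *, and `text` (char[]) is then filled through a
 * short *. Both accesses break C's effective-type rules, so a TBAA-based
 * optimiser may assume the int store cannot change buf[0]/buf[1] and keep
 * the earlier values. The returned string therefore depends on the
 * optimisation level; nothing asserts on it. */
const char *punned_copy(unsigned int w0, unsigned int w1)
{
    static char text[8];
    char staging[8];
    short buf[4];
    int as_int;

    put_be32(staging, w0);
    put_be32(staging + 4, w1);
    memcpy(buf, staging, 4);              /* buf[0..1] = first word */
    memcpy(&as_int, staging + 4, 4);      /* an int whose bytes are the second word */

    int *i = (int *)(char *)buf;          /* violation 1: int store into short[] */
    *i = as_int;

    memset(text, 0, sizeof text);
    short *s = (short *)text;             /* violation 2: char[] written as short */
    s[0] = buf[0];
    s[1] = buf[1];
    return text;
}

/* Well-defined rewrite: every cross-type move goes through memcpy, which the
 * compiler must treat as reading and writing the bytes involved. The second
 * memcpy into buf cannot be dropped, so the result is the second word at
 * every optimisation level. */
const char *safe_copy(unsigned int w0, unsigned int w1)
{
    static char text[8];
    char staging[8];
    short buf[4];

    put_be32(staging, w0);
    put_be32(staging + 4, w1);
    memcpy(buf, staging, 4);              /* buf[0..1] = first word */
    memcpy(buf, staging + 4, 4);          /* overwrite with the second word */

    memset(text, 0, sizeof text);
    memcpy(text, buf, 4);
    return text;
}

/* 1 if both versions produced the same bytes, 0 if the optimiser dropped the
 * int store in punned_copy. The post's observation is that this answer
 * changes between an unoptimised and an optimised build. */
int versions_agree(unsigned int w0, unsigned int w1)
{
    char a[8], b[8];
    memcpy(a, punned_copy(w0, w1), 8);
    memcpy(b, safe_copy(w0, w1), 8);
    return memcmp(a, b, 8) == 0;
}

int main(void)
{
    printf("punned: \"%s\"\n", punned_copy(WORD_RM, WORD_PS));
    printf("memcpy: \"%s\"\n", safe_copy(WORD_RM, WORD_PS));
    printf("agree:  %d\n", versions_agree(WORD_RM, WORD_PS));
    return 0;
}
```

Build it twice, once with `-O0` and once with `-O2`, and compare the "agree" line; `safe_copy` prints "ps x" in both builds, while `punned_copy` is the one whose output may move.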