On Mon, Apr 7, 2008 at 10:28 AM, Robert C. Seacord <[EMAIL PROTECTED]> wrote: > I believe the vulnerability is that gcc may *silently* discard the overflow > checks and that this is a recent change in behavior.
No it is not recent, unless you consider 1998 recent :). I don't know how many times but we have not changed the behavior of GCC with respect of signed integer overflow being undefined. Since the loop optimizers have said this before, we just added an extra pass which depends on it more. I guess you did not read the GCC mailing list before posting this Vulnerability because we already discussed this many many times before around the time GCC 4.2.0 came out. Also try -Wstrict-overflow=5 in GCC 4.2.3 and in GCC 4.3.0, we already warn about most if not all cases already. Thanks, Andrew Pinski