Joe,
Response below.
> On Mon, Apr 07, 2008 at 01:28:21PM -0400, Robert C. Seacord wrote:
> > You are also right that the popularity of gcc is one of the reasons we
> > decided to publish on this. If you identify other compilers that a) are
> > relatively popular, b) have changed their behavior recently, and c)
> > silently optimize out overflow checks we will consider publishing
> > vulnerability notes for those compilers as well.
> What is the justification for requirement b)? We identified two distinct
> proprietary compilers that also do this optimization, but it isn't a
> recent change in behavior.
My thinking is that if this behavior has been in place for many years,
for example, users will have had the opportunity to discover the changed
behavior. Our goal here is to disseminate this information more quickly.
On a related topic, we are trying to produce secure coding standards
that deal with these issues in general.
We've begun the addition of several rules around the topic of pointer
arithmetic following the release of this vul note.
The most relevant is titled "ARR38-C. Do not add or subtract an integer
to a pointer if the resulting value does not refer to an element within
the array" and can be found here:
https://www.securecoding.cert.org/confluence/x/SgHm
We are hopeful that these rules and recommendations will help developers
address these issues in the general sense.
rCs
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
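The compiler behavior discussed in this thread, as an added example that is not code from the thread, from CERT or from the ARR38-C rule text: an "overflow check" written as a pointer wrap-around comparison, which a conforming compiler may delete because forming the out-of-range pointer is undefined behavior, beside a check that compares lengths and never forms such a pointer. The append scenario, the buffer size and the function names `append_fragile` and `append_checked` are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, not code from the thread. Assumed scenario: appending
 * caller-controlled data into a fixed-size buffer of dst_size bytes. */

/* Fragile pattern: the kind of "overflow check" the vulnerability note is
 * about. When *used + n exceeds the array, forming dst + *used + n is
 * undefined behavior in C, so a conforming compiler may assume the pointer
 * never wraps and silently remove the comparison below. Shown for contrast
 * only; it is the pattern to replace, not to copy. */
int append_fragile(char *dst, size_t *used, const char *src, size_t n)
{
    char *end = dst + *used + n;   /* out of range => undefined behavior */
    if (end < dst)                 /* the check a compiler may optimize out */
        return -1;
    memcpy(dst + *used, src, n);
    *used += n;
    return 0;
}

/* Checked pattern, in the spirit of ARR38-C: compare lengths as size_t and
 * never form a pointer outside the array. Returns 0 on success, -1 if the
 * n bytes do not fit. */
int append_checked(char *dst, size_t dst_size, size_t *used,
                   const char *src, size_t n)
{
    if (*used > dst_size)            /* inconsistent state: refuse */
        return -1;
    size_t room = dst_size - *used;  /* cannot underflow after the check above */
    if (n > room)                    /* plain size comparison: defined, not elidable */
        return -1;
    memcpy(dst + *used, src, n);     /* dst + *used is inside the array */
    *used += n;
    return 0;
}

int main(void)
{
    char buf[64];
    size_t used = 0;
    /* Constructed inputs: a small append that fits, then a length that
     * would wrap a pointer computed as in the fragile pattern. */
    printf("append 5 bytes: %d\n",
           append_checked(buf, sizeof buf, &used, "hello", 5));
    printf("append SIZE_MAX bytes: %d\n",
           append_checked(buf, sizeof buf, &used, "x", SIZE_MAX));
    printf("used = %zu\n", used);
    return 0;
}
```

The checked version takes the buffer size explicitly and rejects by comparing `n` against the remaining room, so no pointer beyond one past the end is ever computed; that is the property a compiler cannot reason away, whereas the wrap test in `append_fragile` depends on behavior the C standard leaves undefined.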