>>>>> Robert C Seacord writes: Robert> my thinking is that if this behavior has been in place for many years, Robert> for example, users will have had the opportunity to discover the changed Robert> behavior.
This explanation seems to be premised on users never moving an application to a new system and a new compiler, nor modifying an existing application, nor new programmers coming to the platform. It assumes that all programmers on a platform with a compiler that performs this optimization will have written non-conforming C code that triggers this transformation, will have encountered an error due to the transformation, will have debugged the problem, will have corrected the problem, never will accidentally or intentionally write similarly non-conforming code again, and will instruct all new and old colleagues about the vulnerability. That is a long list of assumptions to justify the explaination that a vulnerability announcement is not necessary for other optimizing compilers. David