>>>>> Robert C Seacord writes:
Robert> my thinking is that if this behavior has been in place for many years,
Robert> for example, users will have had the opportunity to discover the
changed
Robert> behavior.
This explanation seems to be premised on users never moving an
application to a new system and a new compiler, nor modifying an existing
application, nor new programmers coming to the platform. It assumes that
all programmers on a platform with a compiler that performs this
optimization will have written non-conforming C code that triggers this
transformation, will have encountered an error due to the transformation,
will have debugged the problem, will have corrected the problem, never
will accidentally or intentionally write similarly non-conforming code
again, and will instruct all new and old colleagues about the
vulnerability. That is a long list of assumptions to justify the
explaination that a vulnerability announcement is not necessary for other
optimizing compilers.
David
