Ian,
I know I'm biased, but I think "use a different compiler" is clearly
implied by the text of the advisory. If the advisory mentioned that
other compilers also implement the same optimization, then that
implication would not be there.
yes, i agree we should make this change, and warn against assuming this
optimization is not performed on other compilers.
if i understand you correctly (and based on our own tests) none of the
compilation flags we've discussed address this issue, so we should also
remove this as a "solution".
thanks,
rCs
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989
