Robert C. Seacord wrote:
> The following article encapsulates my understanding of undefined
> behavior based on these discussions:
> MSC15-A. Do not depend on undefined behavior
> <https://www.securecoding.cert.org/confluence/display/seccode/MSC15-A.+Do+not+depend+on+undefined+behavior>
I think that looks like a fine article, at first glance. But, of
course, the behavior is undefined, so, as your article says, people
shouldn't use it.
That said, the GCC developers have already implemented a warning
option to warn about the case where optimizations are made on this
basis. I do not know if it is in -Wall or not. I doubt it, because
it would probably create far too many false positives.
I believe that if you use the option -Wstrict-overflow=5 the development
version of the compiler will warn about this test case. This option was
implemented in response to your report, and will be in GCC 4.4. Users
who want to can of course download the development source code for GCC
and build it today, even before it is released, to check their code. (I
wouldn't recommend using the development version to build things, but
people could use it to get the warning, if they want to do that.)
>> Declaring it vulnerable while not declaring those others to be
>> vulnerable is unfair.
> We are still evaluating other compilers. If we find that they exhibit
> the same behavior, we will list them as vulnerable as well.
When can we expect that you will have completed that investigation? I
can appreciate the desire for an independent investigation, but given
the data we have already provided, it should be a pretty simple matter
to verify this.
Thanks,
--
Mark Mitchell
CodeSourcery
[EMAIL PROTECTED]
(650) 331-3385 x713
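As an added illustration of the class of check the thread is about (this is example code written for this page, not code from Mark Mitchell, the GCC project, or the CERT article): the first function below relies on signed overflow, which C leaves undefined, so an optimizing compiler may delete the comparison; the portable versions decide from the operands alone and never compute an out-of-range sum. The function names are hypothetical. The only compiler option referenced is the `-Wstrict-overflow=5` flag named in the message above.

```c
/* Example: overflow checks that depend on undefined behavior versus
 * checks that do not.  Build with e.g. "gcc -O2 -Wstrict-overflow=5"
 * (the option mentioned in the thread) to see GCC diagnose the
 * assumption it makes in add_overflows_ub.  Function names are
 * hypothetical, chosen for this example. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* DEPENDS ON UNDEFINED BEHAVIOR.  If a + b leaves the range of int the
 * addition itself is undefined, so the compiler may assume it never
 * happens and treat "sum < a" (for b > 0) as always false, removing the
 * check entirely.  Never call this with operands that actually overflow. */
bool add_overflows_ub(int a, int b) {
    int sum = a + b;   /* undefined when the mathematical sum is out of range */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Well-defined: compare against the distance to INT_MAX / INT_MIN before
 * adding.  No out-of-range value is ever computed, so there is no
 * undefined behavior for the optimizer to exploit. */
bool add_overflows(int a, int b) {
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Checked addition: stores the sum in *out and returns true, or returns
 * false and leaves *out untouched when the sum would overflow. */
bool checked_add(int a, int b, int *out) {
    if (add_overflows(a, b)) return false;
    *out = a + b;
    return true;
}

/* Saturating addition: clamps to the int range instead of overflowing.
 * Useful where a clamped value is an acceptable result (e.g. a counter). */
int add_saturating(int a, int b) {
    if (b > 0 && a > INT_MAX - b) return INT_MAX;
    if (b < 0 && a < INT_MIN - b) return INT_MIN;
    return a + b;
}

int main(void) {
    int r = 0;
    bool ok;

    ok = checked_add(40, 2, &r);
    printf("checked_add(40, 2): ok=%d r=%d\n", ok, r);

    ok = checked_add(INT_MAX, 1, &r);
    printf("checked_add(INT_MAX, 1): ok=%d (r unchanged=%d)\n", ok, r);

    printf("add_saturating(INT_MAX, 1) = %d\n", add_saturating(INT_MAX, 1));
    printf("add_saturating(INT_MIN, -1) = %d\n", add_saturating(INT_MIN, -1));
    return 0;
}
```

The portable forms are the ones the CERT article's advice leads to: the decision is made before any undefined operation occurs, so the check survives optimization at every level and the same source behaves identically across compilers.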