Daniel Jacobowitz wrote:
On Fri, Apr 25, 2008 at 11:45:25AM -0400, Paul Koning wrote:
 Robert> To me, the whole notion of this vulnerability node is flawed
 Robert> in that respect. You can write a lengthy and useful book on
 Robert> pitfalls in C that must be avoided, but I see no reason to
 Robert> turn such a book into a cert advisory, let alone pick out a
 Robert> single arbitrary example on a particular compiler!

I think that comment is absolutely correct.

The R in CERT is "Response" (at least it used to be; I can't find an
expansion on their web site...).  They're responding to a problem that
was reported to them, and alerting others to the problem.  We can
argue about the details, but not about the need to respond.

But surely they are not in the general business of responding to
comments of the form:

"I have an incorrect C program that is undefined by the standard,
and it did not behave as I expected it to!"

If so, I can imagine lots more comments!

They can respond, but the response should be "This program
is incorrect C, and its semantics are not defined by C, security
critical programs should always avoid use of such constructs."

End of (canned) response

Somehow implying that the compiler is at fault for not providing
expected semantics for programs where the programmer has no right
to expect anything is technically unsound and confusing.

Yes, it is often the case that incorrect programs will do what
is expected (whatever that may be) one day, and not the next day.
That is what undefined is about!


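An added illustration of the point made above, written for this page and not taken from the thread or from any CERT material: a signed-overflow check written so that it relies on wraparound is undefined in C, and a conforming optimizer is free to delete it, whereas a check that compares against the limits before doing the arithmetic has defined semantics everywhere. The function names (add_would_overflow_ub, add_would_overflow, checked_add) and the sample inputs are assumptions made for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Incorrect C (example construct, not from the thread): the check only
 * works if signed addition wraps, but signed overflow is undefined, so a
 * compiler may legally treat `x + n < x` as always false for n > 0 and
 * remove the test entirely. Whether it "works" depends on the compiler
 * and optimization level, which is exactly the thread's point. */
bool add_would_overflow_ub(int x, int n)
{
    return x + n < x;   /* undefined when x + n does not fit in int */
}

/* Well-defined replacement: decide from the operands whether the sum
 * would fit, without ever computing an out-of-range value. */
bool add_would_overflow(int x, int n)
{
    if (n > 0)
        return x > INT_MAX - n;   /* INT_MAX - n is in range for n > 0 */
    if (n < 0)
        return x < INT_MIN - n;   /* INT_MIN - n is in range for n < 0 */
    return false;
}

/* Stores x + n in *out and returns true only when the sum is representable. */
bool checked_add(int x, int n, int *out)
{
    if (add_would_overflow(x, n))
        return false;
    *out = x + n;
    return true;
}

int main(void)
{
    int sum;
    /* Constructed inputs: one that fits, one that would overflow. */
    if (checked_add(INT_MAX - 1, 1, &sum))
        printf("INT_MAX-1 + 1 = %d\n", sum);
    if (!checked_add(INT_MAX, 1, &sum))
        printf("INT_MAX + 1 rejected: would overflow\n");
    /* The undefined variant is only ever called here on inputs that do not
     * overflow, so this program itself stays within defined behaviour. */
    printf("ub-style check on 1 + 1: %d\n", add_would_overflow_ub(1, 1));
    return 0;
}
```

Only the well-defined functions have results worth asserting on; the undefined variant has no result the standard guarantees, which is why a canned response of the form "this construct is not defined by C" is the right one for such a report.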