I have this function:

    static inline int range_ptrinbuf(const void* buf, unsigned long len, const void* ptr) {
        register const char* c = (const char*)buf;
        return (c && c+len > c && (const char*)ptr-c < len);
    }

I tested it with this test:

    assert(range_ptrinbuf(buf,(unsigned long)-1,buf+1)==0);

With gcc 3.4.5, this passes (with and without optimization). With gcc 4.1.0, this fails. I put in a printf to see if any of the values is incorrectly calculated -- it's "c+len>c" that incorrectly returns 0. This is with and without optimizer.

This is very bad because this kind of check is used to do security checks when validating data from incoming network packets. I was planning to use this function to check data in incoming SMB packets. This bug causes all kinds of well-meaning security checks to silently fail.

I also compiled Samba and my Linux kernel with gcc 4.1. I'm feeling very uncomfortable now. Please release a fixed gcc version ASAP!

--
Summary: pointer arithmetic overflow handling broken
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: blocker
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: felix-gcc at fefe dot de
GCC build triplet: i686-pc-linux-gnu
GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=27180
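The check in the report relies on `c+len` wrapping around, but C leaves pointer arithmetic that runs past the end of the object undefined, so a compiler may treat `c+len > c` as always true and drop the test. The following is an added example, not code from the report or from GCC: a hypothetical `range_ptrinbuf_safe()` that performs the wrap check on `uintptr_t`, where unsigned arithmetic is well defined, together with a constructed TLV-style packet field (the `tlv_payload()` helper and the `sample_pkt` bytes are assumptions made up for this example) showing the check applied without ever forming an out-of-bounds pointer. It assumes `uintptr_t` and `size_t` have the same width, as on the i686 target in the report and on x86_64.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical hardened replacement for the report's range_ptrinbuf().
 * The wrap check is done on uintptr_t instead of on the pointer itself,
 * so the compiler cannot assume the overflow "cannot happen".
 * Assumes uintptr_t and size_t have the same width (i686, x86_64).
 */
static inline int range_ptrinbuf_safe(const void *buf, size_t len, const void *ptr)
{
    uintptr_t b = (uintptr_t)buf;
    uintptr_t p = (uintptr_t)ptr;

    if (buf == NULL)
        return 0;
    /* b + len must not wrap around the address space. */
    if (len > (size_t)(UINTPTR_MAX - b))
        return 0;
    /* ptr must lie at or after buf and strictly before buf + len. */
    return p >= b && (size_t)(p - b) < len;
}

/* The report's own test case against the hardened version:
 * returns 1 when buf+1 is correctly rejected for an all-ones length. */
static int reporter_testcase_rejected(void)
{
    char buf[16] = {0};
    return range_ptrinbuf_safe(buf, (size_t)-1, buf + 1) == 0;
}

/*
 * Constructed example of the check on packet data (not a real SMB format):
 * a field at offset off consists of 1 type byte, a 2-byte big-endian length,
 * and the payload. Bounds are computed on sizes first, so no out-of-range
 * pointer is ever formed; range_ptrinbuf_safe() then confirms the first and
 * last payload bytes are inside pkt. Returns the payload length and sets
 * *payload, or -1 when the field does not fit in the packet.
 */
static long tlv_payload(const unsigned char *pkt, size_t pktlen, size_t off,
                        const unsigned char **payload)
{
    size_t vlen;

    if (off > pktlen || pktlen - off < 3)   /* 3-byte header does not fit */
        return -1;
    vlen = ((size_t)pkt[off + 1] << 8) | pkt[off + 2];
    if (vlen > pktlen - off - 3)            /* claimed length overruns pkt */
        return -1;
    if (vlen > 0 &&
        (!range_ptrinbuf_safe(pkt, pktlen, pkt + off + 3) ||
         !range_ptrinbuf_safe(pkt, pktlen, pkt + off + 3 + vlen - 1)))
        return -1;
    *payload = pkt + off + 3;
    return (long)vlen;
}

/* Constructed packet: field 1 is type 0x01 with a 4-byte payload "ABCD";
 * field 2 is type 0x02 claiming 0xFFFF bytes but only 1 byte follows. */
static const unsigned char sample_pkt[] = {
    0x01, 0x00, 0x04, 'A', 'B', 'C', 'D',
    0x02, 0xFF, 0xFF, 'X'
};

int main(void)
{
    const unsigned char *p = NULL;

    printf("field 1 payload length: %ld\n",
           tlv_payload(sample_pkt, sizeof sample_pkt, 0, &p));
    printf("field 2 payload length: %ld\n",
           tlv_payload(sample_pkt, sizeof sample_pkt, 7, &p));
    printf("reporter's test case rejected: %d\n", reporter_testcase_rejected());
    return 0;
}
```

The point of doing the length arithmetic on `size_t` values before touching pointers is that the compiler can only remove a check when the language says the checked condition is impossible; an unsigned integer comparison carries no such assumption, whereas the original `c+len > c` does.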