Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-05-06 Thread Tonnerre Lombard
Salut,

On Wed, 2006-05-03 at 08:21, [EMAIL PROTECTED] wrote:
> #define MAXPTR (char *)0x // this would differ on 64 bit systems

That should be #define MAXPTR (void *)(~0UL) no?

Tonnerre

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-05-04 Thread leonleon77
perhaps instead of "c + len > c" being the test of pointer wraparound, one may use the following (if there is a desire to use pointer-based arithmetic)...

    #define MAXPTR (char *)0x // this would differ on 64 bit systems
    if (MAXPTR - c < len) {
        // we have a pointer wraparound...
    }
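
An added example, not part of the thread or any poster's code: the wraparound test done in integer arithmetic on uintptr_t, so no out-of-range pointer is ever formed and the compiler has no undefined pointer overflow to optimize on. The function names are hypothetical, and the code assumes a flat address space in which converting a pointer to uintptr_t preserves ordering.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: 1 if [buf, buf+len) does not run past the top of the
 * address space. The subtraction is on unsigned integers, which is well
 * defined, instead of forming buf+len as a pointer. */
static int range_validbuf_u(const void *buf, size_t len)
{
    uintptr_t base = (uintptr_t)buf;
    return buf != NULL && len <= UINTPTR_MAX - base;
}

/* 1 if ptr lies inside [buf, buf+len). */
static int range_ptrinbuf_u(const void *buf, size_t len, const void *ptr)
{
    uintptr_t base = (uintptr_t)buf, p = (uintptr_t)ptr;
    if (!range_validbuf_u(buf, len))
        return 0;
    return p >= base && p - base < len;
}

/* 1 if the sub-range [ptr, ptr+n) lies inside [buf, buf+len). */
static int range_bufinbuf_u(const void *buf, size_t len,
                            const void *ptr, size_t n)
{
    uintptr_t base = (uintptr_t)buf, p = (uintptr_t)ptr, off;
    if (!range_validbuf_u(buf, len) || p < base)
        return 0;
    off = p - base;                   /* cannot underflow: p >= base */
    return off <= len && n <= len - off;
}

int main(void)
{
    char packet[64];                  /* constructed sample buffer */

    printf("in range:        %d\n", range_ptrinbuf_u(packet, sizeof packet, packet + 10));
    printf("one past end:    %d\n", range_ptrinbuf_u(packet, sizeof packet, packet + 64));
    /* Length with all bits set: rejected, not folded away. */
    printf("len = -1:        %d\n", range_ptrinbuf_u(packet, (size_t)-1, packet));
    printf("field fits:      %d\n", range_bufinbuf_u(packet, sizeof packet, packet + 60, 4));
    printf("field too long:  %d\n", range_bufinbuf_u(packet, sizeof packet, packet + 60, 5));
    return 0;
}
```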

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-19 Thread Nate Eldredge
On Mon, 17 Apr 2006, Felix von Leitner wrote:

I wrote a small library of functions to do typical range checks as they are needed in code that handles incoming packets or messages from untrusted sources. My impetus was SMB code, in case you want to know. Here is one of my functions:

static inl

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Gabor Gombas
On Mon, Apr 17, 2006 at 10:03:54PM +0200, Felix von Leitner wrote:
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
> return (c && c+len>c && (const char*)ptr-c }

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Michael Chamberlain
Felix von Leitner wrote:
...
> Here is one of my functions:
>
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
> return (c && c+len>c && (const char*)ptr-c }
>
> Of

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Florian Weimer
* Felix von Leitner:
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
> return (c && c+len>c && (const char*)ptr-c }

It seems that the problem is that c + len >

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread jat-public01
Are you certain that should fail? (unsigned long)-1 is a word with all bits set (on a twos-complement machine), so I believe the result should be undefined with regard to overflow adding a pointer. It certainly seems reasonable for a compiler to optimize away a test for a pointer in the range

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Alexander Klimov
On Mon, 17 Apr 2006, Felix von Leitner wrote:
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
> return (c && c+len>c && (const char*)ptr-c }
>
> [...]
>
> assert(

RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Michael Wojcik
> From: Felix von Leitner [mailto:[EMAIL PROTECTED]
> Sent: Monday, 17 April, 2006 16:04
>
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
> return (c && c+len>c

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

2006-04-18 Thread Forrest J. Cavalier III
Felix von Leitner wrote:

I wrote a small library of functions to do typical range checks as they are needed in code that handles incoming packets or messages from untrusted sources. My impetus was SMB code, in case you want to know. Here is one of my functions:

static inline int range_ptrinbuf