On 11/22/2013 7:34 PM, Andrew McGlashan wrote:
> http://www.securitycurrent.com/en/research/ac_research/mot-researchers-uncover-security-flaws-in-c

"the team ran Stack against the Debian Linux archive, of which 8575 out of 17432 packages contained C/C++ code. For a whopping 3471 packages, STACK detected at least one instance of unstable code."

So 3471 Wheezy packages had one or more instances of gcc-introduced anomalies. And the kernel binary they tested had 32.

As an end user I'm not worried about this at all. But I'd think developers may want to start taking a closer look at how gcc does its optimizations and creates these anomalies. If the flaws are serious they should obviously take steps to mitigate or eliminate this.

I didn't read the full paper yet, but I'm wondering how/if the optimization flag plays a part in this. I.e. does "O2" produce these bugs but "O0" (default) or "Og" (debugging) does not?

--
Stan