Joe Buck wrote:
Thanks. I hope that you will correct the advisory promptly to avoid any
implication that one should switch from GCC to a different compiler based
on this issue, since we've already established that most of GCC's
competitors perform similar optimizations under some cicumstances (even if
the particular example that appears in the CERT report is not affected,
other, similar examples will be, particularly if they appear in a loop).
Both CERT and GCC have their reputations to consider here, and I think
that this advisory has damaged the reputations of *both*.
The vulnerability note has been significantly reworked to focus on the
issue of undefined behavior handling in the compiler and the fact that
conforming implementations are not required to warn of this condition.
I've tried to incorporate many of the valid concerns that were raise on
this list in response to the original vulnerability note.
The advisory should emphasize the solution of auditing buffer overflow
checks to make sure that they are correct C, and should help people
write such checks correctly.
The vulnerability note itself essentially punts this issue to the
corresponding documents in our Secure Coding standard.
-Chad
