> I am very interested in seeing how this optimization can remove
> arithmetic overflows.
int foo (char * buf, int n)
{
    // buf+n may overflow if the programmer incorrectly passes
    // a large value of n. But recent versions of gcc optimise
    // to 'n < 100', removing the overflow.
    return buf + n < buf + 100;
}
Compiled on i386, gcc-4.3.0 with -O2 gives:
foo:
    xorl    %eax, %eax
    cmpl    $99, 8(%esp)
    setle   %al
    ret
E.g., calling foo with:
#include <stdio.h>
int foo (char * buf, int n); /* the function shown above */
int main()
{
    char buf[100];
    printf ("%d\n", foo (buf, 1500000000));
    return 0;
}
on my PC (where the stack is just below the 3Gig position).
> > Why is Cert advising people to avoid an optimisation that can ---
> > realistically, although probably rarely --- remove security
> > vulnerabilities?
> >
> If you are referring to VU#694123, this refers to an optimization
I'm talking about 162289.
Ralph.
> that removes checks for pointer arithmetic wrapping. The optimization
> doesn't actually eliminate the wrapping behavior; this still occurs.
> It does, however, eliminate certain kinds of checks (that depend upon
> undefined behavior).
>
> Thanks,
> rCs
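The thread's point is that a range check written as pointer arithmetic (`buf + n < buf + 100`) relies on behaviour the C standard leaves undefined, so the compiler is entitled to fold it to `n < 100` and the intended overflow protection evaporates. The defensive fix is to compare integers, never pointers that may have been formed out of bounds. The following is an added example, not code from the thread or from CERT; the function names `offset_in_bounds`, `ptr_offset_in_bounds` and `demo_page_call` are my own, and the 100-byte buffer mirrors the one in the message above.

```c
#include <stddef.h>
#include <stdbool.h>

/* Hardened replacement for the foo() shown in the thread.
 * The question "does buf + n land inside a buffer of len bytes?" is
 * answered entirely on integers, so buf + n is never formed when it
 * would be out of range and there is no undefined pointer overflow
 * for the optimiser to assume away. */
bool offset_in_bounds(size_t len, int n)
{
    if (n < 0)
        return false;              /* negative offsets are never in range */
    return (size_t)n < len;        /* integer compare; cannot wrap */
}

/* Same check when the caller holds an end pointer rather than a length.
 * end - buf is well defined as long as both point into the same object,
 * and from then on only integers are compared. */
bool ptr_offset_in_bounds(const char *buf, const char *end, int n)
{
    if (end < buf)
        return false;              /* malformed range */
    return offset_in_bounds((size_t)(end - buf), n);
}

/* Replays the two calls the thread discusses against a constructed
 * 100-byte buffer. Returns 1 when the small offset is accepted and the
 * huge one is rejected, which is the outcome the pointer-based check
 * fails to deliver once gcc folds it to n < 100. */
int demo_page_call(void)
{
    char buf[100];
    const char *end = buf + sizeof buf;

    bool small_ok = ptr_offset_in_bounds(buf, end, 1);
    bool huge_ok  = ptr_offset_in_bounds(buf, end, 1500000000);

    return (small_ok && !huge_ok) ? 1 : 0;
}

int main(void)
{
    return demo_page_call() ? 0 : 1;
}
```

The same discipline applies to any length or offset that arrives from untrusted input: validate it against the known object size as an integer first, and only then derive a pointer from it.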