> I am very interested in seeing how this optimization can remove > arithmetic overflows.
    int foo (char * buf, int n)
    {
      // buf+n may overflow if the programmer incorrectly passes
      // a large value of n. But recent versions of gcc optimise
      // to 'n < 100', removing the overflow.
      return buf + n < buf + 100;
    }

Compiled on i386, gcc-4.3.0 with -O2 gives:

    foo:
            xorl    %eax, %eax
            cmpl    $99, 8(%esp)
            setle   %al
            ret

E.g., calling foo with:

    #include <stdio.h>

    int foo (char * buf, int n);

    int main()
    {
      char buf[100];
      printf ("%d\n", foo (buf, 1500000000));
      return 0;
    }

on my PC (where the stack is just below the 3Gig position).

> > Why is Cert advising people to avoid an optimisation that can ---
> > realistically, although probably rarely --- remove security
> > vulnerabilities?
>
> If you are referring to VU#694123, this refers to an optimization

I'm talking about 162289.

Ralph.

> that removes checks for pointer arithmetic wrapping. The optimization
> doesn't actually eliminate the wrapping behavior; this still occurs.
> It does, however, eliminate certain kinds of checks (that depend upon
> undefined behavior).
>
> Thanks,
> rCs
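The exchange above turns on one point: gcc may fold `buf + n < buf + 100` to `n < 100` because the pointer form is only defined while `buf + n` stays inside the object, so a check that depends on the pointer wrapping is a check the compiler is free to discard. The example below is added here and is not code from the thread or from CERT; it puts the pointer-form check from the post beside the same checks written on integers, where wraparound is either excluded (a bounds test on the index) or well-defined (a test on `uintptr_t`), so the result no longer depends on the optimiser. The function names, the static buffer and the sample inputs are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The check from the post, unchanged. The comparison is on pointers, so it
 * is only defined while buf + n stays inside (or one past the end of) the
 * object; for an out-of-range n the result is whatever the optimiser
 * decides, and gcc folds the whole expression to n < 100. */
int check_ptr(char *buf, int n)
{
    return buf + n < buf + 100;
}

/* Same intent written on the integer rather than the pointer: no pointer
 * arithmetic, hence no undefined behaviour, and the same answer at every
 * optimisation level. A negative n is rejected explicitly instead of
 * relying on what the pointer form happens to do with it. */
bool index_in_bounds(int n, size_t len)
{
    return n >= 0 && (size_t)n < len;
}

/* A wraparound check of the kind VU#162289 describes, written so that the
 * compiler cannot fold it away: the arithmetic is done on uintptr_t, where
 * wrapping is well-defined, instead of on the pointer. Returns true when
 * base + len would wrap past the top of the address space. */
bool add_would_wrap(uintptr_t base, size_t len)
{
    return (uintptr_t)len > UINTPTR_MAX - base;
}

/* Constructed 100-byte object, used to call the pointer form only with
 * values for which the comparison is defined. */
static char g_buf[100];

int ptr_form_in_object(int n)
{
    /* caller keeps 0 <= n <= 100 so buf + n is inside or one past the end */
    return check_ptr(g_buf, n);
}

int main(void)
{
    /* constructed inputs, including the 1500000000 from the post */
    int ns[] = { 5, 99, 100, 1500000000, -1 };
    for (size_t i = 0; i < sizeof ns / sizeof ns[0]; i++)
        printf("n=%d: integer check says %s\n", ns[i],
               index_in_bounds(ns[i], sizeof g_buf) ? "in bounds" : "out of bounds");

    /* a base 10 bytes below the top of the address space */
    uintptr_t base = UINTPTR_MAX - 10;
    printf("base + 20 wraps: %s\n", add_would_wrap(base, 20) ? "yes" : "no");
    printf("base + 10 wraps: %s\n", add_would_wrap(base, 10) ? "yes" : "no");
    return 0;
}
```

The integer forms are what the thread's rCs reply calls for: they test the same condition without depending on undefined behaviour, so they are neither removed by the optimisation nor dependent on where the stack happens to sit.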