On 07/11/2016 10:08 AM, Maxim Ostapenko wrote:
On 11/07/16 18:05, Jakub Jelinek wrote:
On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote:
CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC.
Jakub, thanks for your summary.
I'm not convinced it is a good idea; that is why we've intentionally left it
out when adding UBSan support. IMHO such an option defines substantially
different languages.
The reason why I thought about -fsanitize=unsigned-integer-overflow
would be useful is that people still hit on undesired integer overflows
in their code (that may even lead to security vulnerabilities), despite
the fact some people intentionally rely on them.
An integer overflow where the result feeds a malloc/alloca is definitely
a security issue. There may be others.
So one of the questions one might reasonably try to answer is can we
limit sanitization to those cases that are most likely going to be of
interest to developers. I suspect that in general integer overflow
happens far more often than developers realize and that there'll be so many
false positives that the results will be ignored.
Jeff
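An added example (not code from the thread) of the case Jeff describes: a size computation that wraps before it reaches malloc, beside a checked version that detects the wrap the way an unsigned-overflow sanitizer would at that statement. The struct and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed record type: 32 bytes on common ABIs. */
struct record {
    uint32_t id;
    char name[28];
};

/* Unchecked: count * sizeof(struct record) is unsigned arithmetic, so for a
 * large count it wraps silently and malloc receives a tiny byte count while
 * the caller still believes it owns room for 'count' records. Compiling this
 * with clang's -fsanitize=unsigned-integer-overflow reports the wrap here. */
size_t unchecked_alloc_size(size_t count)
{
    return count * sizeof(struct record);
}

/* Checked: __builtin_mul_overflow (GCC 5+ and clang) stores the product in
 * *out and returns true if it did not fit, which is exactly the condition a
 * sanitizer would flag, but evaluated only at this security-relevant site. */
bool checked_alloc_size(size_t count, size_t *out)
{
    return !__builtin_mul_overflow(count, sizeof(struct record), out);
}

/* Allocate only when the byte count is representable; NULL otherwise. */
struct record *alloc_records(size_t count)
{
    size_t bytes;
    if (!checked_alloc_size(count, &bytes))
        return NULL;
    return malloc(bytes);
}
```

A count of SIZE_MAX / 32 + 1 makes the unchecked product wrap to exactly 0 on both 32- and 64-bit targets, while the checked path refuses the allocation.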