http://www.kb.cert.org/vuls/id/162289
In short, if, for example, any code that has a pointer into a buffer and
a length of an object in a buffer, and checks to make sure that the
length is sane by checking that buffer+length >= buffer, that code won't
work in GCC 4.2 because GCC 4.2 assumes that if you add an integer value
to a pointer value, the resulting pointer value will be greater than or
equal to the original pointer value, and doesn't bother checking for that.
I'm not sure whether that's an issue for integer addition; the CERT
Secure Coding site makes recommendations other than
foo = a + b;
if (foo < a)
overflow!
for checking whether that sum overflows:
https://www.securecoding.cert.org/confluence/display/seccode/INT32-C-a.+Ensure+that+integer+addition+operations+do+not+result+in+an+overflow
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
