Bugtraq mailing list archives
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
From: "Forrest J. Cavalier III" <mibsoft () mibsoftware com>
Date: Mon, 17 Apr 2006 18:26:46 -0400
Felix von Leitner wrote:
I wrote a small library of functions to do typical range checks as they are needed in code that handles incoming packets or messages from untrusted sources. My impetus was SMB code, in case you want to know. Here is one of my functions:

    static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
      register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
      return (c && c+len>c && (const char*)ptr-c<len);
    }

Of course, when developing security critical code like this, you also write a good test suite for it, that exercises all the cases. Here is part of my test suite:

    assert(range_ptrinbuf(buf,(unsigned long)-1,buf+1)==0);

Overflow tests are hard to get right in a platform-independent way. What if your sizeof(ptrdiff_t) != sizeof(unsigned long)? And what do you think about this: http://c0x.coding-guidelines.com/6.5.6.html#1160 ? Can we be sure ptr-c is defined? Even when ptr < buf? Even when ptr > c + len + 1?
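
Added example, not part of the original post or of the quoted library: one way to write the same range check so that it does not depend on pointer overflow, on the width of ptrdiff_t, or on subtracting pointers that may lie outside the buffer. The names range_ptrinbuf_u and range_selfcheck are hypothetical, and the code assumes a platform that provides uintptr_t and has a flat address space in which integer order matches address order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from the original library): returns 1 if ptr lies
 * in [buf, buf+len), else 0. Pointers are compared as integers, so nothing
 * depends on pointer overflow or on subtracting unrelated pointers.
 * Assumption: flat address space where uintptr_t order matches address order. */
static int range_ptrinbuf_u(const void *buf, size_t len, const void *ptr)
{
    uintptr_t b = (uintptr_t)buf;
    uintptr_t p = (uintptr_t)ptr;

    if (buf == NULL)
        return 0;
    if (len > UINTPTR_MAX - b)   /* buf+len would wrap: unsigned math, well defined */
        return 0;
    if (p < b)                   /* ptr below buffer: never form a negative difference */
        return 0;
    return (p - b) < len;        /* unsigned offset compared with unsigned length */
}

/* Constructed test cases; returns the number of failures (0 expected). */
static int range_selfcheck(void)
{
    char buf[16];
    int bad = 0;

    bad += range_ptrinbuf_u(buf, sizeof buf, buf) != 1;
    bad += range_ptrinbuf_u(buf, sizeof buf, buf + 15) != 1;
    bad += range_ptrinbuf_u(buf, sizeof buf, buf + 16) != 0;   /* one past end */
    bad += range_ptrinbuf_u(buf + 8, 4, buf) != 0;             /* ptr < buf */
    bad += range_ptrinbuf_u(buf, 0, buf) != 0;                 /* empty range */
    bad += range_ptrinbuf_u(buf, (size_t)-1, buf + 1) != 0;    /* case from the post */
    return bad;
}

int main(void)
{
    printf("failures: %d\n", range_selfcheck());
    return 0;
}
```

The pointer-to-integer conversion is implementation-defined rather than undefined, so an optimizer has no licence to assume the wrap check can never fail.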