Bugtraq mailing list archives

Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk

From: jat-public01 () jaet org
Date: 18 Apr 2006 15:44:18 -0000

Are you certain that should fail?

(unsigned long)-1 is a word with all bits set (on a twos-complement machine), so I believe the result should be 
undefined with regard to overflow adding a pointer.

It certainly seems reasonable for a compiler to optimize away a test for a pointer in the range of p to p+MAXINT-1, if 
p has the same number of bits as MAXINT.

If you really want to test for negative buffer sizes, you need to declare the length as long rather than unsigned long.

John Tamplin

Current thread:

gcc 4.1 bug miscompiles pointer range checks, may place you at risk Felix von Leitner (Apr 17)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Chamberlain (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Forrest J. Cavalier III (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Alexander Klimov (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Florian Weimer (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Gabor Gombas (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Nate Eldredge (Apr 19)
- <Possible follow-ups>
- RE: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Michael Wojcik (Apr 18)
- Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk jat-public01 (Apr 18)