public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "felix-gcc at fefe dot de" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/30475] assert(int+100 > int) optimized away
Date: Mon, 15 Jan 2007 19:57:00 -0000 [thread overview]
Message-ID: <20070115195708.7393.qmail@sourceware.org> (raw)
In-Reply-To: <bug-30475-3511@http.gcc.gnu.org/bugzilla/>
------- Comment #4 from felix-gcc at fefe dot de 2007-01-15 19:57 -------
(In reply to comment #2)
> signed type overflow is undefined by the C standard, use unsigned int for the
> addition or use -fwrapv.
You have GOT to be kidding?
All kinds of security issues are caused by integer wraps, and you are just
telling me that with gcc 4.1 and up I cannot test for them for signed data
types any more?!
You are missing the point here. There HAS to be a way to get around this.
Existing software uses signed int and I can't just change it to unsigned int,
but I still must be able to check for a wrap! There does not appear to be a
work around I could do in the source code either! Do you expect me to cast it
to unsigned, shift right by one, and then add or what?!
PLEASE REVERT THIS CHANGE. This will create MAJOR SECURITY ISSUES in ALL
MANNER OF CODE. I don't care if your language lawyers tell you gcc is right.
THIS WILL CAUSE PEOPLE TO GET HACKED.
I found this because one check to prevent people from getting hacked failed.
THIS IS NOT A JOKE. FIX THIS! NOW!
--
felix-gcc at fefe dot de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|INVALID |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
next prev parent reply other threads:[~2007-01-15 19:57 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-15 19:43 [Bug c/30475] New: " felix-gcc at fefe dot de
2007-01-15 19:46 ` [Bug c/30475] " felix-gcc at fefe dot de
2007-01-15 19:47 ` pinskia at gcc dot gnu dot org
2007-01-15 19:50 ` felix-gcc at fefe dot de
2007-01-15 19:57 ` felix-gcc at fefe dot de [this message]
2007-01-15 20:04 ` pinskia at gcc dot gnu dot org
2007-01-16 4:47 ` pinskia at gcc dot gnu dot org
2007-01-16 7:00 ` pluto at agmk dot net
2007-01-16 7:24 ` gcc at mailinator dot com
2007-01-17 13:55 ` felix-gcc at fefe dot de
2007-01-17 14:26 ` rguenth at gcc dot gnu dot org
2007-01-17 14:31 ` rguenth at gcc dot gnu dot org
2007-01-17 15:21 ` felix-gcc at fefe dot de
2007-01-17 16:32 ` rguenth at gcc dot gnu dot org
2007-01-17 16:37 ` felix-gcc at fefe dot de
2007-01-17 16:54 ` erdgeist-gcc at erdgeist dot org
2007-01-17 16:57 ` pinskia at gcc dot gnu dot org
2007-01-17 17:03 ` felix-gcc at fefe dot de
2007-01-17 17:06 ` rguenth at gcc dot gnu dot org
2007-01-17 17:12 ` pinskia at gcc dot gnu dot org
2007-01-17 17:14 ` amacleod at redhat dot com
2007-01-17 17:20 ` felix-gcc at fefe dot de
2007-01-17 17:42 ` pinskia at gcc dot gnu dot org
2007-01-17 18:23 ` felix-gcc at fefe dot de
2007-01-17 18:43 ` pinskia at gcc dot gnu dot org
2007-01-17 19:04 ` felix-gcc at fefe dot de
2007-01-17 19:18 ` pinskia at gcc dot gnu dot org
2007-01-18 15:20 ` felix-gcc at fefe dot de
2007-01-18 15:24 ` felix-gcc at fefe dot de
2007-01-18 17:36 ` pinskia at gcc dot gnu dot org
2007-01-21 8:58 ` pinskia at gcc dot gnu dot org
2007-01-21 12:23 ` andreas at andreas dot org
2007-01-21 12:49 ` andreas at andreas dot org
2007-01-21 13:53 ` felix-gcc at fefe dot de
2007-01-21 16:31 ` pinskia at gcc dot gnu dot org
2007-01-21 17:30 ` andreas at andreas dot org
2007-01-21 17:47 ` felix-gcc at fefe dot de
2007-01-21 18:16 ` pluto at agmk dot net
2007-01-21 19:46 ` rguenth at gcc dot gnu dot org
2007-01-21 20:14 ` pinskia at gcc dot gnu dot org
2007-01-21 21:52 ` tromey at gcc dot gnu dot org
2007-01-22 2:18 ` felix-gcc at fefe dot de
2007-01-22 2:27 ` pinskia at gcc dot gnu dot org
2007-01-22 13:02 ` felix-gcc at fefe dot de
2007-01-22 17:15 ` pinskia at gcc dot gnu dot org
2007-01-22 18:26 ` steven at gcc dot gnu dot org
2007-01-22 18:33 ` pinskia at gcc dot gnu dot org
2007-01-22 18:36 ` andreas at andreas dot org
2007-01-22 19:50 ` felix-gcc at fefe dot de
2007-01-22 20:16 ` ian at airs dot com
2007-01-22 22:27 ` pinskia at gcc dot gnu dot org
2007-01-22 23:10 ` andreas at andreas dot org
2007-01-23 0:46 ` kargl at gcc dot gnu dot org
2007-03-08 1:03 ` js at linuxtv dot org
2007-03-08 1:14 ` pinskia at gcc dot gnu dot org
2007-03-08 16:23 ` js at linuxtv dot org
[not found] <bug-30475-4@http.gcc.gnu.org/bugzilla/>
2014-02-16 10:00 ` jackie.rosen at hushmail dot com
2021-01-05 12:26 ` daniel.marjamaki at gmail dot com
2021-01-05 12:56 ` daniel.marjamaki at gmail dot com
2021-01-05 13:30 ` jakub at gcc dot gnu.org
2021-01-05 13:37 ` jakub at gcc dot gnu.org
2021-01-06 10:37 ` daniel.marjamaki at gmail dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070115195708.7393.qmail@sourceware.org \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).