From: Florian Weimer
Date: Fri, 20 Feb 2015 17:09:00 -0000
To: Jeff Law, Jonathan Wakely
CC: Sandra Loosemore, Jakub Jelinek, Jeff Prothero, "gcc@gcc.gnu.org"
Subject: Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
Message-ID: <54E76A58.4010401@redhat.com>
In-Reply-To: <54E76870.2070502@redhat.com>

On 02/20/2015 06:01 PM, Jeff Law wrote:

> But that's always true -- this isn't any different than aliasing,
> arithmetic overflow, etc. The standards define the contract between the
> compiler/library implementors and the developers. Once the contract is
> broken, all bets are off.

What I don't like about this case (std::vector::data() returning nullptr vs memcpy/memcmp/qsort non-null assertions) is that it is internally non-composing in a totally non-obvious way. data() is explicitly intended to cover interoperability with these older C functions, and it fails.

But you are right about overflows. I think we should give up and just enable -fwrapv by default in Fedora and downstream. This issue has been explicitly documented since 2002 at least (explicitly with security-related checks in mind), and programmers still write overflow checks which are only correct with -fwrapv, and it passes code review. I fear that's not going to change, ever.

-- 
Florian Weimer / Red Hat Product Security
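
The two hazards named in the message above, as an added example that is not part of the original mail or of GCC: an overflow check that is only correct with -fwrapv beside a portable one, and a guard for passing a possibly-null data pointer to memcpy. The function names are hypothetical and the inputs in main() are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The kind of check the message describes: it inspects the wrapped sum.
 * Signed overflow is undefined in ISO C, so unless the file is built with
 * -fwrapv the compiler may assume a + b never wraps and drop the tests. */
int add_check_needs_fwrapv(int a, int b, int *out)
{
    int sum = a + b;                       /* undefined on overflow */
    if (b > 0 && sum < a) return -1;
    if (b < 0 && sum > a) return -1;
    *out = sum;
    return 0;
}

/* Portable form: compare against the limits before adding, so no
 * overflowing operation is ever evaluated. */
int add_check_portable(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b) return -1;
    if (b < 0 && a < INT_MIN - b) return -1;
    *out = a + b;
    return 0;
}

/* Hypothetical wrapper for the data()/memcpy case: an empty container may
 * hand back a null pointer with n == 0, which memcpy's non-null contract
 * does not allow, so the call is skipped for empty input. */
void *copy_bytes(void *dst, const void *src, size_t n)
{
    if (n == 0) return dst;
    return memcpy(dst, src, n);
}

int main(void)
{
    int r = 0;
    char dst[4] = {0};
    printf("INT_MAX + 1 rejected: %d\n", add_check_portable(INT_MAX, 1, &r) == -1);
    printf("INT_MIN - 1 rejected: %d\n", add_check_portable(INT_MIN, -1, &r) == -1);
    printf("40 + 2 accepted: %d (sum %d)\n", add_check_portable(40, 2, &r) == 0, r);
    printf("empty copy is a no-op: %d\n", copy_bytes(dst, NULL, 0) == (void *)dst);
    return 0;
}
```

The first function is kept only for comparison; calling it with operands that overflow is exactly the undefined case, so its result then depends on compiler and flags.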