lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 21 Jan 2007 12:07:18 +0000
From: Marcin Owsiany <marcin@...iany.pl>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Major gcc 4.1.1 and up security issue

On Sun, Jan 21, 2007 at 01:20:05AM +0100, Pavel Kankovsky wrote:
> 
> This optimization (*) is ok as long as no overflow occurs during the
> evaluation of the original condition. It modifies its semantics when 
> integer overflows are involved but this is acceptable because the result 
> of an overflowing arithmetic operation on signed integers is undefined.
[...]
> Helping people fix their broken code and teach them how to write 
> correct code might be more productive imho. :P

Google found me the following way to check for integer overflows:

http://www.daniweb.com/code/snippet260.html

I guess something like this, but with substraction instead of division
can be implemented for checking for overflows on addition?

Are there other, possibly more terse ways to do this check? Maybe
something like a "best practice" to do this kind of thing?


I also think that CPUs can detect internally when an overflow happens -
is there a way to use that feature in C somehow, in a portable way?
(Somehow I feel that the answer is that not all CPUs do that, so - no.)

Marcin
-- 
Marcin Owsiany <marcin@...iany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ