lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47426C54.9020009@zytor.com>
Date:	Mon, 19 Nov 2007 21:10:44 -0800
From:	"H. Peter Anvin" <hpa@...or.com>
To:	WANG Cong <xiyou.wangcong@...il.com>
CC:	zhengyi <goodmenkernel@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: Is there any word about this bug in gcc ?

WANG Cong wrote:
> On Tue, Nov 20, 2007 at 10:13:42AM +0800, zhengyi wrote:
>> Is there any relevance to the kernel ?
>>
>> I found the folowing code here:
>> http://linux.solidot.org/article.pl?sid=07/11/19/0512218&from=rss
>>
>> -------------------------------------------------------------------
>> int main( void )
>> {
>>  int i=2;
>>  if( -10*abs (i-1) == 10*abs(i-1) )
>>    printf ("OMG,-10==10 in linux!\n");
>>  else
>>    printf ("nothing special here\n") ;
>>
>>  return 0 ;
>> }
> 
> I think no. It is considered a bug in abs(), kernel, of course,
> doesn't use glibc's abs().
> 

Wrong.

abs() is internal to gcc, and the above is optimized out at compile 
time, so any user of abs() as a function at all is vulnerable.

However, the Linux kernel defines abs() as a macro:

#define abs(x) ({                               \
                 int __x = (x);                  \
                 (__x < 0) ? -__x : __x;         \
         })

... which means gcc never sees it.  So the kernel isn't affected, 
because it doesn't use *gcc's* abs().

	-hpa

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ