| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Nov 2007 21:10:49 +0000 From: Nix <nix@...eri.org.uk> To: "H. Peter Anvin" <hpa@...or.com> Cc: Herbert Xu <herbert@...dor.apana.org.au>, David Miller <davem@...emloft.net>, xiyou.wangcong@...il.com, goodmenkernel@...il.com, linux-kernel@...r.kernel.org Subject: Re: Is there any word about this bug in gcc ? On 20 Nov 2007, H. Peter Anvin outgrape: > This one is definitely messy. There is absolutely no way to know what > gcc has miscompiled. Actually, since this only affects abs() calls containing multiplications or divisions by negative constants, you can at least make a pretty good guess as to its prevalence with nothing more than grep (first grep -w for abs, then grepping for "- *[0-9]" and filtering the rest by eye). (This won't catch cases of macros using abs() which are then called with negative constants, but it *will* catch those macros, and one can check the calls to such things by hand. I've done that as well.) I've grepped all the source on my system (1148 expanded upstream source tarballs or git/cvs/svn trees including the Linux kernel, most of GNOME, and all of KDE and X.org) and found that hits are extremely rare: not as rare as calls to seekdir() and telldir() :) but rare. (Quite a lot of things multiply by negative constants *inside* a call to abs(), but this should be unaffected.) Certain hits: ./nethack/3.4.3/src/cmd.c: else if(x < -2*abs(y)) ./nethack/3.4.3/src/cmd.c: else if(y < -2*abs(x)) Possible hits (I'm not sure what the folder would do with this: the extra level of brackets in the way might affect things but I don't think so): ./libtheora/libtheora/lib/enc/pp.c: TmpMod = 32 + QValue - 2*(abs(Src[j+Pitch]-Src[j])); ./libtheora/libtheora/lib/enc/pp.c: TmpMod = 32 + QValue - 2*(abs(Src[j+1]-Src[j])); ./xmms/modules/projectM-0.94.20/main.c: wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5); ./xmms/modules/projectM-0.94.20/main.c: wave_x_temp=-2*0.4142*(abs(abs(wave_mystery)-.5)-.5); None of these affected programs strike me as being exactly system- critical. I think the impact of this bug is probably survivable. :) I'd build a GCC with the patch and verify that these programs are compiled differently with it, but they look unimportant enough that I'm not really sure I care enough to do it... -- `Some people don't think performance issues are "real bugs", and I think such people shouldn't be allowed to program.' --- Linus Torvalds - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists