Message-ID: <bd43bd47c8eaa4c22c1a1549cee66f7ef960b1fc.camel@med.uni-goettingen.de>
Date:   Fri, 25 Feb 2022 21:36:28 +0000
From:   "Uecker, Martin" <Martin.Uecker@....uni-goettingen.de>
To:     "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 03/13] usb: remove the usage of the list iterator
 after the loop

On Wednesday, 23.02.2022, 20:54 +0000, Linus Torvalds wrote:
> On Wed, Feb 23, 2022 at 12:43 PM Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> > Of course, the C standard being the bunch of incompetents they are,
> > they in the process apparently made left-shifts undefined (rather than
> > implementation-defined). Christ, they keep on making the same mistakes
> > over and over. What was the definition of insanity again?

Implementation-defined only means that it needs to be
documented (and clang does not even do this), so
I am not sure what difference this would make.

> Hey, some more googling on my part seems to say that somebody saw the
> light, and it's likely getting fixed in newer C standard version.

I don't think it is changed. But C23 will require
integers to be represented using two's complement,
so there is a better chance to fix things
like this in the future. 

> So it was just a mistake, not actual malice. Maybe we can hope that
> the tide is turning against the "undefined" crowd that used to rule
> the roost in the C standards bodies. Maybe the fundamental security
> issues with undefined behavior finally convinced people how bad it
> was?

The right people to complain to are the
compiler vendors, because they decide what
UB does in their implementation.  In the
standard body the same people argue that
the standard has to codify existing
practice.  Even in cases where the standard
defines behavior, compilers sometimes simply
ignore this (e.g. pointer comparison or
pointer-to-integer round trips). So the
power is really with the compiler writers.


Martin 

