David LeBlanc's Web Log
Vulnerability Note VU#162289
Basically, what it says is that code which looks like this:
char *buf;
int len;
gcc will assume that buf+len >= buf.
As a result, code that performs length checks similar to the following:
len = 1<<30;
[...]
if(buf+len < buf) /* length check */
[...perform some manipulation on len...]
are compiled away by these versions of gcc
No comments:
Post a Comment