Robert C. Seacord wrote:

I will update the CERT C Secure Coding rule with a list of compilers, once we complete a fact check. Chad is responsible for updating the vul note, so I'll need to discuss this with him.

Thanks.

Specifically with regards to MSVC 2005, I thought Chad had already checked this and found that it did not exhibit this behavior. I just tested the following program.

I should clarify that I didn't personally do the test with MSVC -- or the other compilers mentioned. (I tried to suggest that in the wording of my email, but I should have been more explicit.) I was reporting information that had been given to me.

#include <stdio.h>

void f(char *buf) {
 /* unsigned length; note the double assignment, which is redundant */
 unsigned int len = len = 0xFFFFFF00;

 /* buf + len is formed past the end of the object, which is undefined
    behaviour in C, so the compiler may treat this comparison as always
    false and drop the call to puts() entirely. */
 if (buf+len < buf) puts("true");

}

That's a little different than my test case, in that in your case len is unsigned. Your case should make the optimization easier for the compiler to do, not harder -- but it would be worth trying with signed int. I'd also eliminate the double-assignment to "len". My test case was:

  int f(char *buf, int len) {
    len = 1 << 30;           /* signed, large positive length */
    /* same pattern: pointer overflow is undefined, so the compiler may
       fold this test to false and return 0 unconditionally */
    if (buf + len < buf)
      return 1;
    return 0;
  }

which is what the person who emailed me about MSVC tested. I did include the optimization flags they used in that email; they appeared in a comment in the MSVC output. I don't know what those flags mean, though; I'm not an expert on MSVC usage.

Thanks,

--
Mark Mitchell
CodeSourcery
[EMAIL PROTECTED]
(650) 331-3385 x713
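The thread above is about the `buf + len < buf` idiom being folded away because forming a pointer past the end of an object is undefined behaviour. The following is an added example, not code from either participant or from any compiler's test suite: it places the idiom under discussion next to a replacement that reasons about sizes only, so there is no undefined behaviour for the optimizer to exploit. The function names (`check_by_pointer_wrap`, `bytes_fit`, `append_bounded`, `demo`) and the sample data in `demo` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* The pattern discussed in the thread. Forming buf + len past the end of
   the object is undefined behaviour, so a compiler is entitled to treat
   the comparison as always false and remove the branch; whether it does
   depends on the compiler and optimisation level. Kept only for
   comparison with the safe version below; do not rely on it. */
int check_by_pointer_wrap(const char *buf, size_t len)
{
    return buf + len < buf;
}

/* Replacement: reason about sizes, never about pointers.
   Returns 1 if `len` more bytes fit after `used` bytes already stored in a
   buffer of `bufsize` bytes. Every operation is on size_t values that
   cannot wrap once used <= bufsize has been established. */
int bytes_fit(size_t bufsize, size_t used, size_t len)
{
    if (used > bufsize)          /* inconsistent state: refuse rather than wrap */
        return 0;
    return len <= bufsize - used;
}

/* Append `len` bytes from `src` into `dst` (capacity `dstsize`, currently
   holding `*used` bytes). Returns the new fill level, or -1 if the data
   does not fit. The pointer dst + *used is only formed after bytes_fit()
   has shown that it, and dst + *used + len, lie within the object. */
long append_bounded(char *dst, size_t dstsize, size_t *used,
                    const void *src, size_t len)
{
    if (!bytes_fit(dstsize, *used, len))
        return -1;
    memcpy(dst + *used, src, len);
    *used += len;
    return (long)*used;
}

/* Constructed demonstration input (assumed for this example, not from
   the thread). Returns 1 if every result is as expected. */
int demo(void)
{
    char buf[16];
    size_t used = 0;
    long r1 = append_bounded(buf, sizeof buf, &used, "0123456789", 10); /* 10 */
    long r2 = append_bounded(buf, sizeof buf, &used, "abcdef", 6);      /* 16 */
    long r3 = append_bounded(buf, sizeof buf, &used, "x", 1);           /* -1 */
    /* The large lengths from the thread (1 << 30, 0xFFFFFF00) are rejected
       by the size comparison alone; no out-of-bounds pointer is formed. */
    long r4 = append_bounded(buf, sizeof buf, &used, "y", (size_t)1 << 30);
    long r5 = append_bounded(buf, sizeof buf, &used, "z", (size_t)0xFFFFFF00);
    printf("%ld %ld %ld %ld %ld\n", r1, r2, r3, r4, r5);
    return r1 == 10 && r2 == 16 && r3 == -1 && r4 == -1 && r5 == -1;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

The point of `bytes_fit` is that it never depends on what a compiler does with pointer wraparound: the remaining space `bufsize - used` is an ordinary unsigned subtraction that is well defined after the `used > bufsize` guard, and comparing `len` against it is the whole check. Building at `-O2` or `-O3` cannot remove it, whereas `check_by_pointer_wrap` may or may not fire depending on the compiler, which is exactly the uncertainty the thread is trying to pin down.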
