Brad Roberts wrote:
Additionally, the linked to notes for GCC are reflective of the original
innaccuracies:
http://www.kb.cert.org/vuls/id/CRDY-7DWKWM
Vendor Statement
No statement is currently available from the vendor regarding this
vulnerability.
US-CERT Addendum
Vendors and developers using the GNU C compiler should consider
downgrading their version of gcc or sticking with versions of the gcc
compiler (before version 4.1) that do not perform the offending
optimization. In the case of gcc, it should be emphasized that this is a
change of behavior in the later versions of the compiler.
Why is this inaccurate? The objections to the original version of the
note on this list were that it appeared to advocate dumping gcc in favor
of another compiler that may do the same optimization. This addendum
merely suggest considering using an older version of gcc.
-Chad
