On Wed, Apr 23, 2008 at 1:59 PM, Chad Dougherty <[EMAIL PROTECTED]> wrote:
> Brad Roberts wrote:
> >
> > Additionally, the linked-to notes for GCC are reflective of the original
> > inaccuracies:
> > http://www.kb.cert.org/vuls/id/CRDY-7DWKWM
> >
> > Vendor Statement
> > No statement is currently available from the vendor regarding this
> > vulnerability.
> >
> > US-CERT Addendum
> > Vendors and developers using the GNU C compiler should consider
> > downgrading their version of gcc or sticking with versions of the gcc
> > compiler (before version 4.1) that do not perform the offending
> > optimization. In the case of gcc, it should be emphasized that this is a
> > change of behavior in the later versions of the compiler.
> >
>
> Why is this inaccurate? The objections to the original version of the note
> on this list were that it appeared to advocate dumping gcc in favor of
> another compiler that may do the same optimization. This addendum merely
> suggests considering using an older version of gcc.

Which is in general bad advice, as older gcc versions may have wrong-code bugs that are serious and have security implications if such bugs apply to your code.

Richard.