On Wed, Apr 23, 2008 at 1:59 PM, Chad Dougherty <[EMAIL PROTECTED]> wrote:
> Brad Roberts wrote:
>
> > Additionally, the linked to notes for GCC are reflective of the original
> > inaccuracies:
> > http://www.kb.cert.org/vuls/id/CRDY-7DWKWM
> >
> > Vendor Statement
> > No statement is currently available from the vendor regarding this
> > vulnerability.
> >
> > US-CERT Addendum
> > Vendors and developers using the GNU C compiler should consider
> > downgrading their version of gcc or sticking with versions of the gcc
> > compiler (before version 4.1) that do not perform the offending
> > optimization. In the case of gcc, it should be emphasized that this is a
> > change of behavior in the later versions of the compiler.
> >
> >
>
> Why is this inaccurate?  The objections to the original version of the note
> on this list were that it appeared to advocate dumping gcc in favor of
> another compiler that may do the same optimization.  This addendum merely
> suggests considering using an older version of gcc.

Which is in general bad advice, as older gcc versions may have wrong-code
bugs that are serious and have security implications if such bugs apply to
your code.

Richard.
