Dear "Cert", I originally raised this with you privately, but you are slow to respond, so I am raising this again, more concisely, and CC'd to a less private forum.
(a) Arithmetic overflows have historically been a significant source of security vulnerabilities. (b) Recent versions of gcc (along with other compilers) contain an optimisation that can *REMOVE* arithmetic overflows. Why is Cert advising people to avoid an optimisation that can --- realistically, although probably rarely --- remove security vulnerabilities?

[I also note that the example you claim is a "length check" in your advisory is nothing of the sort. It is an oddly written test of the absolute position of a pointer. I don't actually see how the optimisation in question could remove a check on the length of something. And even more, I don't see how such a hypothetical length check could not also avoid being broken by 101 other things, such as variations in OS memory layout, which may vary even between successive runs of identical binaries.]

Ralph.
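The two shapes of "overflow check" that this optimisation is entitled to delete, beside forms the C standard actually defines, as an added example that is not part of Ralph's message or of the advisory it replies to. It assumes the advisory's example is a pointer-plus-length comparison of the form `buf + len < buf`; that form, the function names and the buffer sizes are assumptions made here for illustration.

```c
/* Added example, not from the original message or the CERT advisory.
 * Assumption: the advisory's "length check" has the shape `buf + len < buf`.
 * GCC may fold both *_ub functions below to `return 0;` because the
 * comparison can only be true after undefined behaviour, which the
 * compiler is allowed to assume never happens. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* UNDEFINED: forming a pointer beyond one-past-the-end of the object is
 * undefined, so `p + len < p` may be compiled to a constant 0 and the
 * branch that depended on it removed. Result is meaningless once optimised. */
static int ptr_wrap_check_ub(const char *p, size_t len)
{
    return p + len < p;
}

/* UNDEFINED for the same reason: signed integer overflow. With n > 0,
 * `x + n < x` can only hold after overflow, so it may be folded to 0. */
static int signed_wrap_check_ub(int x, int n)
{
    return x + n < x;
}

/* DEFINED: a real length check compares sizes, not pointer positions.
 * `used` bytes of a `cap`-byte buffer are taken; returns 1 if `len` more fit.
 * The subtraction is guarded, so nothing here can wrap. */
static int fits(size_t used, size_t cap, size_t len)
{
    if (used > cap)            /* caller bug; never true for a valid buffer */
        return 0;
    return len <= cap - used;
}

/* DEFINED: same check when the caller holds a cursor pointer `p` into
 * `base[0..cap)`. Precondition: base <= p <= base + cap (both pointers into
 * the same object), so `p - base` is defined and non-negative. */
static int fits_ptr(const char *base, size_t cap, const char *p, size_t len)
{
    return fits((size_t)(p - base), cap, len);
}

/* DEFINED: signed addition that reports overflow instead of invoking it.
 * Returns 1 and stores the sum, or returns 0 and leaves *out untouched. */
static int add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

/* Convenience predicate: 1 if a + b would overflow int. */
static int add_overflows(int a, int b)
{
    int unused;
    return !add_checked(a, b, &unused);
}

int main(void)
{
    char buf[64];              /* constructed sample buffer */
    int sum;

    printf("fits(60, 64, 4)        = %d\n", fits(60, 64, 4));
    printf("fits(60, 64, 5)        = %d\n", fits(60, 64, 5));
    printf("fits(0, 64, SIZE_MAX)  = %d\n", fits(0, 64, SIZE_MAX));
    printf("fits_ptr(buf+60, 4)    = %d\n", fits_ptr(buf, sizeof buf, buf + 60, 4));
    printf("add_checked(INT_MAX,1) = %d\n", add_checked(INT_MAX, 1, &sum));

    /* The UB forms are called only with in-range arguments (defined), to
     * show that they look plausible; out-of-range arguments would be UB. */
    printf("ub forms on safe input: %d %d\n",
           ptr_wrap_check_ub(buf, 1), signed_wrap_check_ub(1, 1));
    return 0;
}
```

Compile once with `-O0` and once with `-O2` and compare the generated code for the two `_ub` functions; the defined forms compile to the same comparison at every optimisation level because they never depend on a wrapped value.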