On 2016-11-25 18:39:28 +0100, Torbjörn Granlund wrote: > I assume "undefined" means that the computer will not explode, or even > cause any less dramatic security issues, or even terminate execution.
Compilers use the fact that undefined behavior must not occur to do some optimizations, like removing what appears as dead code (but actually isn't). So, this can yield crashes and security issues. See for instance the invalid bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475 "assert(int+100 > int) optimized away" and the following article: https://lwn.net/Articles/575563/ So, with some codes that intended to detect buffer overflow or integer overflow with code like the above one, the check was no longer performed. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) _______________________________________________ gmp-devel mailing list gmp-devel@gmplib.org https://gmplib.org/mailman/listinfo/gmp-devel
