Hi, On Thu, Sep 24, 2009 at 01:28:18PM -0600, Andrew Waidler wrote:
> Another point is that compilers sometimes over-optimize to the point > of causing security bugs, which I think this was the recent example > in Linux; http://lwn.net/Articles/341773/ The compiler didn't actually cause a security bug. What it did was optimize code that was already a security bug in itself, in a way that would be perfectly safe in a normal situation; but in combination with one or two other kernel bugs that broke gcc's assumptions, it was elevated from "merely" a DoS to a code injection. This was an extremely specific situation; concluding that compilers are generally dangerous would be ridiculous. -antrik-
