In this post below to the Linux security-audit mailing list, Solar was kind
enough to fulfill my request for performance data on the Compaq ccc compiler
for Linux/Alpha using bounds checking. Astonishingly, Solar's tests showed
virtually no performance overhead for bounds checking. I found this
Solar Designer wrote:
foo() {
    char x[50];
    gets(x);
}
I would _not_ expect this case to be covered by the compiler's bounds
checking. This is in fact the reason I didn't use a strcpy() when
demonstrating the bounds checking to you in my first