https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91946

            Bug ID: 91946
           Summary: wrong result comparing pointer with pointer+offset
                    with -m32
           Product: gcc
           Version: 9.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: tim.ruehsen at gmx dot de
  Target Milestone: ---

The following code compiled with -m32 (alternatively when on a 32-bit system)
shows wrong output with gcc 8.3.0 and gcc 9.2.1. gcc 7.4.0 is not affected.

This leads to a possible RCE (remote code execution) in at least one real-world
executable.

#include <stddef.h>   /* size_t */
#include <stdio.h>

int main(void) {
    /* pointer value chosen so that a + n wraps around in a 32-bit address space */
    char *a = (char *)0xf3e0080c;
    size_t n = 235429897;
    char *b = a + n;

    /* gcc 8/9 fold a > a + n to 0 (pointer overflow is undefined), while the
       same comparison written through b is evaluated at run time */
    printf("%p %p %d %d\n", a, a + n, a > a + n, a > b);
    return 0;
}

output with gcc 8.3.0 and 9.2.1:
0xf3e0080c 0x1e86815 0 1

output with gcc 7.4.0:
0xf3e0080c 0x1e86815 1 1

output with clang 8.0.1:
0xf3e0080c 0x1e86815 1 1

expected output:
0xf3e0080c 0x1e86815 1 1
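The report shows why a bounds check of the form `a > a + n` cannot be relied on: forming a pointer past the object is undefined behaviour, so the compiler may fold the comparison to a constant. The following is an added example, not code from the bug report or from gcc, showing the defender's alternative: keep the arithmetic on unsigned integers (offsets and lengths) and never form the out-of-bounds pointer. The function names, the constructed buffer and the use of `uint32_t` to model the report's 32-bit address space are assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the bug report). Bounds checks written so that no
   pointer is ever formed outside the object, so there is nothing for the
   compiler to fold away. */

/* Overflow-free check on integer offsets: is [off, off+n) inside [0, len)?
   Subtraction after the off <= len test cannot wrap, so no addition is needed. */
bool range_in_bounds(size_t len, size_t off, size_t n) {
    if (off > len) return false;
    return n <= len - off;
}

/* Model of the report's numbers: would base + n wrap a 32-bit address space?
   Computed in uint32_t, where wraparound is defined modular arithmetic,
   instead of on a char *, where it is undefined. The wrapped sum is returned
   through *sum so it can be compared with the report's 0x1e86815. */
bool add_wraps32(uint32_t base, uint32_t n, uint32_t *sum) {
    *sum = base + n;
    return *sum < base;   /* carry out of bit 31 means the sum wrapped */
}

/* Safe accessor: the integers are validated first; buf + off is only formed
   once it is known to lie inside the object. Returns NULL on rejection. */
const char *checked_ptr(const char *buf, size_t len, size_t off, size_t n) {
    if (!range_in_bounds(len, off, n)) return NULL;
    return buf + off;
}

int main(void) {
    static const char buf[16] = {0};   /* constructed buffer */
    uint32_t s;

    printf("4 bytes at offset 4 of 16:  %d\n", range_in_bounds(16, 4, 4));    /* 1 */
    printf("8 bytes at offset 12 of 16: %d\n", range_in_bounds(16, 12, 8));   /* 0 */
    printf("offset past end:            %d\n", range_in_bounds(16, 17, 0));   /* 0 */

    /* the report's a and n: the 32-bit sum wraps to 0x1e86815 */
    printf("wraps: %d, sum = 0x%x\n", add_wraps32(0xf3e0080cu, 235429897u, &s), s);

    printf("checked_ptr(10,4): %s\n", checked_ptr(buf, sizeof buf, 10, 4) ? "ok" : "rejected");
    printf("checked_ptr(10,7): %s\n", checked_ptr(buf, sizeof buf, 10, 7) ? "ok" : "rejected");
    return 0;
}
```

The integer form is also what static analyzers and `-fsanitize=pointer-overflow` cannot complain about, since no pointer ever leaves the object; with the report's values `add_wraps32` reports the wrap explicitly instead of leaving the decision to whatever the optimizer assumes.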
