Am Dienstag, den 04.09.2018, 10:00 +0200 schrieb Dmitry Vyukov:
> On Tue, Sep 4, 2018 at 8:27 AM, Uecker, Martin
> wrote:
> > Am Montag, den 03.09.2018, 14:28 -0700 schrieb Linus Torvalds:
Hi Dmitry,
> Compiler and KASAN should still be able to do checking against the
>
Am Dienstag, den 04.09.2018, 10:00 +0200 schrieb Dmitry Vyukov:
> On Tue, Sep 4, 2018 at 8:27 AM, Uecker, Martin
> wrote:
> > Am Montag, den 03.09.2018, 14:28 -0700 schrieb Linus Torvalds:
Hi Dmitry,
> Compiler and KASAN should still be able to do checking against the
>
Am Montag, den 03.09.2018, 14:28 -0700 schrieb Linus Torvalds:
> On Mon, Sep 3, 2018 at 12:40 AM Uecker, Martin
> wrote:
> >
> > But if the true bound is smaller, then IMHO it is really bad advise
> > to tell programmers to use
> >
> > char buf[MAX_SIZE
Am Montag, den 03.09.2018, 14:28 -0700 schrieb Linus Torvalds:
> On Mon, Sep 3, 2018 at 12:40 AM Uecker, Martin
> wrote:
> >
> > But if the true bound is smaller, then IMHO it is really bad advise
> > to tell programmers to use
> >
> > char buf[MAX_SIZE
Am Sonntag, den 02.09.2018, 10:40 -0700 schrieb Kees Cook:
> On Sun, Sep 2, 2018 at 1:08 AM, Uecker, Martin
> wrote:
> > I do not agree that VLAs are generally bad for security.
> > I think the opposite is true. A VLA with the right size
> > allows the compiler to automat
Am Sonntag, den 02.09.2018, 10:40 -0700 schrieb Kees Cook:
> On Sun, Sep 2, 2018 at 1:08 AM, Uecker, Martin
> wrote:
> > I do not agree that VLAs are generally bad for security.
> > I think the opposite is true. A VLA with the right size
> > allows the compiler to automat
I do not agree that VLAs are generally bad for security.
I think the opposite is true. A VLA with the right size
allows the compiler to automatically perform or insert
meaningful bounds checks, while a fixed upper bound does not.
For example:
char buf[N];
buf[n] = 1;
Here, a compiler /
I do not agree that VLAs are generally bad for security.
I think the opposite is true. A VLA with the right size
allows the compiler to automatically perform or insert
meaningful bounds checks, while a fixed upper bound does not.
For example:
char buf[N];
buf[n] = 1;
Here, a compiler /
To give credit where credit is due, this hack was inspired by
an equally insane (but different) use of the ?: operator to choose
the right return type for type-generic macros in tgmath.h.
https://sourceware.org/git/?p=glibc.git;a=blob;f=math/tgmath.h;h=a709a5
To give credit where credit is due, this hack was inspired by
an equally insane (but different) use of the ?: operator to choose
the right return type for type-generic macros in tgmath.h.
https://sourceware.org/git/?p=glibc.git;a=blob;f=math/tgmath.h;h=a709a5
Am Mittwoch, den 21.03.2018, 10:51 +0100 schrieb Martin Uecker:
>
> Am Dienstag, den 20.03.2018, 17:30 -0700 schrieb Linus Torvalds:
> > On Tue, Mar 20, 2018 at 5:10 PM, Uecker, Martin
> > <martin.uec...@med.uni-goettingen.de> wrote:
> >
Am Mittwoch, den 21.03.2018, 10:51 +0100 schrieb Martin Uecker:
>
> Am Dienstag, den 20.03.2018, 17:30 -0700 schrieb Linus Torvalds:
> > On Tue, Mar 20, 2018 at 5:10 PM, Uecker, Martin
> > wrote:
> >
> > > But one could also use __builtin_types_compatib
Am Dienstag, den 20.03.2018, 17:30 -0700 schrieb Linus Torvalds:
> On Tue, Mar 20, 2018 at 5:10 PM, Uecker, Martin
> <martin.uec...@med.uni-goettingen.de> wrote:
>
> > But one could also use __builtin_types_compatible_p instead.
>
> That might be the right approach,
Am Dienstag, den 20.03.2018, 17:30 -0700 schrieb Linus Torvalds:
> On Tue, Mar 20, 2018 at 5:10 PM, Uecker, Martin
> wrote:
>
> > But one could also use __builtin_types_compatible_p instead.
>
> That might be the right approach, even if I like how it only used
&
Am Dienstag, den 20.03.2018, 16:08 -0700 schrieb Linus Torvalds:
> On Tue, Mar 20, 2018 at 3:13 PM, Uecker, Martin
> <martin.uec...@med.uni-goettingen.de> wrote:
> >
> > here is an idea:
>
> That's not "an idea".
>
> That is either genius, or a se
Am Dienstag, den 20.03.2018, 16:08 -0700 schrieb Linus Torvalds:
> On Tue, Mar 20, 2018 at 3:13 PM, Uecker, Martin
> wrote:
> >
> > here is an idea:
>
> That's not "an idea".
>
> That is either genius, or a seriously diseased mind.
>
> I can
talking of crazy ideas, here is another way to preserve
integer const expressions in macros by storing it a
VLA type (only for positive integers I guess):
#define MAX(a, b) sizeof(*({\
typedef char _Ta[a];\
typedef char _Tb[b];\
(char(*)[sizeof(_Ta) >
talking of crazy ideas, here is another way to preserve
integer const expressions in macros by storing it a
VLA type (only for positive integers I guess):
#define MAX(a, b) sizeof(*({\
typedef char _Ta[a];\
typedef char _Tb[b];\
(char(*)[sizeof(_Ta) >
Hi Linus,
here is an idea:
a test for integer constant expressions which returns an
integer constant expression itself which should be suitable
for passing to __builtin_choose_expr might be:
#define ICE_P(x) (sizeof(int) == sizeof(*(1 ? ((void*)((x) * 0l)) :
(int*)1)))
This also does not
Hi Linus,
here is an idea:
a test for integer constant expressions which returns an
integer constant expression itself which should be suitable
for passing to __builtin_choose_expr might be:
#define ICE_P(x) (sizeof(int) == sizeof(*(1 ? ((void*)((x) * 0l)) :
(int*)1)))
This also does not
20 matches
Mail list logo