[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: C++
From: |
olafBuddenhagen |
Subject: |
Re: C++ |
Date: |
Tue, 27 Oct 2009 08:29:08 +0100 |
User-agent: |
Mutt/1.5.19 (2009-01-05) |
Hi,
On Thu, Sep 24, 2009 at 01:28:18PM -0600, Andrew Waidler wrote:
> Another point is that compilers sometimes over-optimize to the point
> of causing security bugs, which I think this was the recent example
> in Linux; http://lwn.net/Articles/341773/
The compiler didn't actually cause a security bug. What it did was
optimize code that was already a security bug in itself, in a way that
would be perfectly safe in a normal situation; but in combination with
one or two other kernel bugs that broke gcc's assumptions, it was
elevated from "merely" a DoS to a code injection.
This was an extremely specific situation; concluding that compilers are
generally dangerous would be ridiculous.
-antrik-
- Re: C++,
olafBuddenhagen <=
- Re: C++, olafBuddenhagen, 2009/10/28
- Re: C++, Jonathan S. Shapiro, 2009/10/28
- Re: C++, olafBuddenhagen, 2009/10/28