[E6300]

This? http://blog.regehr.org/archives/970

The compiler didn't create a security bug by removing the null check. The bug was created by the programmer when he didn't check for null before dereferencing the pointer. Even with the check, the program contained a bug.

[vyodaiken]

The compiler converted a buggy program that was prevented from opening a security hole by defense in depth into a program with a security hole. It transformed a careless error into a systemic error, all in the cause of a micro-optimization that didn't.

[E6300]

What are you talking about? Dereferencing invalid memory is a security bug.

[vyodaiken]

Not necessarily.

[E6300]

In what cases it's not?

[vyodaiken]

In the referenced case the introduced error involved a reference to a null pointer but there was still no exploitable security hole. The exploit was enabled when the compiler removed an explicit check. The null dereference was an error, but it was not a security issue on its own.

[E6300]

Why didn't the kernel panic when it tried to access NULL?