by ge0rg
4893 days ago
The problem with smart compilers is indeed how they break existing (naive) code, optimizing away things like "assert(len + 100 > len)" [1]. Making a correct overflow check in C/C++ is not just not straightforward, it is overly complicated even for experienced developers [2]. This is IMHO unacceptable for a thing that is required often in a security context. Therefore, I hope that option 3 proposed by the author (change of the C/C++ standard to define the correct behavior for at least integer overflows) will be adopted. However, this probably will not happen for a long time, leaving us with security holes all over the net.

[1] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475

[2] http://stackoverflow.com/questions/3944505/detecting-signed-...
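As an added illustration (not from the comment or the pages it links), the naive `len + 100 > len` check beside two forms that never perform the overflowing addition; the `__builtin_add_overflow` variant assumes GCC or Clang:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The check from the comment. Signed overflow is undefined behaviour in C,
   so the compiler may assume len + 100 never wraps, conclude that the
   comparison is always true and remove it, which is exactly what the
   linked GCC bug report describes. Its result for large len is not
   something a test can rely on. */
bool naive_fits_100(int len) {
    return len + 100 > len;
}

/* Correct form of the same check: compare against the limit before adding,
   so the expression that is evaluated can never overflow. */
bool fits_100(int len) {
    return len <= INT_MAX - 100;
}

/* General signed addition check, both directions, without ever computing
   a + b when it would be out of range. */
bool add_overflows(int a, int b) {
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Same question answered by the compiler builtin (GCC/Clang, assumed
   available); it reports overflow instead of evaluating the wrapped sum. */
bool add_overflows_builtin(int a, int b) {
    int unused;
    return __builtin_add_overflow(a, b, &unused);
}

int main(void) {
    printf("fits_100(INT_MAX)            = %d\n", fits_100(INT_MAX));
    printf("add_overflows(INT_MAX, 100)  = %d\n", add_overflows(INT_MAX, 100));
    printf("add_overflows(INT_MIN, -1)   = %d\n", add_overflows(INT_MIN, -1));
    printf("builtin(INT_MAX - 100, 100)  = %d\n", add_overflows_builtin(INT_MAX - 100, 100));
    return 0;
}
```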