by makomk
4893 days ago
It can't always be tested for at compile time, but the problem he's complaining about is when C compilers do detect signed integer overflow. What happens is that someone writes code that in practice handles signed integer overflow fine, then a while later the C compiler developers get clever, detect the integer overflow, and decide to optimize that code away because it's invoking undefined behaviour and they can do whatever they like. The code in question is frequently security-critical, so by removing it the compiler converts safe code whose behaviour is technically undefined by the standard into a security vulnerability.
|
A good post describing how these optimizations come about is http://www.airs.com/blog/archives/120
More options to warn about uses of or disable these optimizations would be welcome in compilers.
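The pattern the comment describes, as an added example (not makomk's code): a bounds check that relies on signed wraparound and may be deleted by an optimizing compiler, next to the portable rewrite that decides without ever overflowing. Function names and sample values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* "Works in practice" check: on two's-complement hardware len + pad
 * wraps negative on overflow, so the test seems to catch it.  But
 * signed overflow is undefined behaviour, so the optimizer may assume
 * it cannot happen, conclude len + pad < len is always false for
 * non-negative pad, and drop the branch entirely. */
bool fits_wrapping_check(int len, int pad) {
    if (len + pad < len)      /* UB when len + pad overflows */
        return false;
    return true;
}

/* Hardened form: rearrange so no intermediate can overflow.
 * INT_MAX - pad is always representable once pad >= 0. */
bool fits_safe_check(int len, int pad) {
    if (pad < 0)
        return false;
    if (len > INT_MAX - pad)  /* would overflow: reject before adding */
        return false;
    return true;
}

#if defined(__GNUC__)
/* GCC/Clang also expose a builtin that reports overflow directly. */
bool fits_builtin_check(int len, int pad) {
    int sum;
    return pad >= 0 && !__builtin_add_overflow(len, pad, &sum);
}
#endif

int main(void) {
    /* Constructed inputs: the second pair overflows int. */
    printf("safe(100, 50)     = %d\n", fits_safe_check(100, 50));
    printf("safe(INT_MAX, 1)  = %d\n", fits_safe_check(INT_MAX, 1));
    /* The wrapping check's result on (INT_MAX, 1) depends on the
     * optimizer, which is exactly the problem. */
    return 0;
}
```

With GCC, -fwrapv makes signed overflow wrap as the original author assumed, and -Wstrict-overflow reports places where the optimizer relied on overflow not happening.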