BugTraq
gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 17 2006 08:03PM
Felix von Leitner (felix-bugtraq fefe de) (6 replies)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 18 2006 07:16PM
Florian Weimer (fw deneb enyo de)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 18 2006 09:21AM
Gabor Gombas (gombasg sztaki hu)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 18 2006 07:45AM
Alexander Klimov (alserkli inbox ru)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 18 2006 12:15AM
Nate Eldredge (nge cs hmc edu)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 17 2006 11:57PM
Michael Chamberlain (michael chamberlain net au)
Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk Apr 17 2006 10:26PM
Forrest J. Cavalier III (mibsoft mibsoftware com)
Felix von Leitner wrote:
> I wrote a small library of functions to do typical range checks as they
> are needed in code that handles incoming packets or messages from
> untrusted sources. My impetus was SMB code, in case you want to know.
>
> Here is one of my functions:
>
> static inline int range_ptrinbuf(const void* buf,unsigned long len,const void* ptr) {
> register const char* c=(const char*)buf; /* no pointer arithmetic on void* */
> return (c && c+len>c && (const char*)ptr-c<len);
> }
>
> Of course, when developing security critical code like this, you also
> write a good test suite for it, that exercises all the cases. Here is
> part of my test suite:
>
> assert(range_ptrinbuf(buf,(unsigned long)-1,buf+1)==0);
>

Overflow tests are hard to get right in a platform-independent way.

What if your sizeof(ptrdiff_t) != sizeof(unsigned long)?

And what do think about this:

http://c0x.coding-guidelines.com/6.5.6.html#1160

? Can we be sure ptr-c is defined? Even when ptr < buf? Even when
ptr > c + len + 1?

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus