BugTraq
Back to list
|
Post reply
GNU GCC: Optimizer Removes Code Necessary for Security
Nov 16 2002 10:04AM
Joseph Wagner (wagnerjd prodigy net)
(1 replies)
When optimizing code for "dead store removal" the optimizing compiler may
remove code necessary for security.
A programmer could erroneously think that his code is secure, even though
the securing code is removed from the compiled code.
For a full report, including a complete description of the bug, steps
necessary to reproduce the problem, a workaround, and sample code, go to:
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-
trail&database=gcc&pr=8537
[ reply ]
Re: GNU GCC: Optimizer Removes Code Necessary for Security
Nov 17 2002 02:27PM
Florian Weimer (Weimer CERT Uni-Stuttgart DE)
Privacy Statement
Copyright 2010, SecurityFocus
When optimizing code for "dead store removal" the optimizing compiler may
remove code necessary for security.
A programmer could erroneously think that his code is secure, even though
the securing code is removed from the compiled code.
For a full report, including a complete description of the bug, steps
necessary to reproduce the problem, a workaround, and sample code, go to:
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-
trail&database=gcc&pr=8537
[ reply ]