Michael Ströder wrote:
Hi!
Did anyone already take note of this? Are parts of OpenLDAP's code affected?
Looks like a really stupid way to do bounds checking. I've never seen it in OpenLDAP code, but I also haven't looked for it explicitly either. The examples would only ever work for a machine with 32 bit pointers, you'd get no meaningful safety check with 64 bit pointers. (In fact, it's unlikely to provide a meaningful check on most 32 bit platforms, since user memory tends to be mapped into the lower 31 bits of the address space. You would have to be overflowing by more than 2^31 for the check to catch anything. What idiot would write a check that's so fragile?)
[Bug c/27180] New: pointer arithmetic overflow handling broken http://gcc.gnu.org/ml/gcc-bugs/2006-04/msg01297.html
US-CERT - Vulnerability Note VU#162289: gcc silently discards some wraparound checks http://www.kb.cert.org/vuls/id/162289
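Added example, not part of the thread and not OpenLDAP code: a wraparound-style bounds check of the kind the linked reports discuss, next to a length comparison that does not depend on pointer overflow. All function names and the 16-byte buffer are constructed for illustration; the fragile check is modelled on `uintptr_t` so that the demonstration itself has defined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fragile form, as its author intends it: "does buf + len wrap around the
 * address space?"  Done on uintptr_t here so the wrap is well defined; in
 * the pointer form (buf + len < buf) the overflow is undefined behaviour
 * and the compiler is allowed to delete the test. */
static bool wraps_address_space(const char *buf, size_t len)
{
    uintptr_t start = (uintptr_t)buf;
    return start + len < start;
}

/* Hardened form: compare the length with the space that remains.
 * No pointer outside [buf, buf_end] is ever formed. */
static bool fits(const char *buf, const char *buf_end, size_t len)
{
    return buf <= buf_end && len <= (size_t)(buf_end - buf);
}

static char sample[16];   /* constructed 16-byte buffer */

/* A 4096-byte request overruns the buffer but does not wrap the address. */
bool fragile_rejects_oversize(void)  { return wraps_address_space(sample, 4096); }
bool hardened_rejects_oversize(void) { return !fits(sample, sample + sizeof sample, 4096); }
/* A request for exactly the buffer size is still accepted. */
bool hardened_accepts_exact(void)    { return fits(sample, sample + sizeof sample, sizeof sample); }
/* Only a length large enough to wrap the whole address space trips the fragile check. */
bool fragile_rejects_huge(void)      { return wraps_address_space(sample, SIZE_MAX); }

int main(void)
{
    printf("fragile  rejects 4096-byte request: %d\n", fragile_rejects_oversize());
    printf("hardened rejects 4096-byte request: %d\n", hardened_rejects_oversize());
    printf("hardened accepts 16-byte request:   %d\n", hardened_accepts_exact());
    printf("fragile  rejects SIZE_MAX request:  %d\n", fragile_rejects_huge());
    return 0;
}
```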