Recent gcc versions use the fact that signed overflow is undefined to do some un... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

JoachimSchipper on April 19, 2012 | parent | context | favorite | on: Heap overflow bug in OpenSSL

Recent gcc versions use the fact that signed overflow is undefined to do some unexpected optimizations (in particular, a + b < a will never be true if a, b are ints.) I don't think -ftrapv is going to cause many additional errors, but I haven't actually tried it. (Also, http://embed.cs.utah.edu/ioc/ looks interesting.)

Natsu on April 20, 2012 [–]

> (in particular, a + b < a will never be true if a, b are ints.)

Code of exactly that form in the patch for this bug made me do a double take. Fortunately, they'd also changed the a & b from plain ints to size_t, so it was ok.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact