LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

How to kill a web browser

How to kill a web browser

Posted Oct 21, 2004 8:30 UTC (Thu) by nathan (subscriber, #3559)
In reply to: How to kill a web browser by mmarkov
Parent article: How to kill a web browser

> I mean, come on, you cannot crash a C compiler
> with an invalid C source.

I beg to differ :)

(Log in to post comments)

How to kill a web browser

Posted Oct 21, 2004 9:38 UTC (Thu) by nix (subscriber, #2304) [Link]

Definitely you can. The old `confused by earlier errors, bailing out' message in GCC, and the new `internal compiler error' messages are definitely crashes... Have a look at:
<http://gcc.gnu.org/bugzilla/buglist.cgi?keywords=ice-on-i...;

At the time of writing, that's 689 cases of crashing a C (and C++, Ada, Java, Fortran) compiler with invalid code. Add an &component=c to the end of that URI, and you find 56 examples of crashing the C compiler.

This is not a crash!

Posted Oct 21, 2004 15:21 UTC (Thu) by spudbeach (guest, #5837) [Link]

A "crash" is when a program completes incorrectly, often with a segfault. A compiler saying "giving up" isn't a crash -- it is a normal termination for bad input. No signal, no possibility of exploitation, and the user got some output that is useful.

This is not a crash!

Posted Oct 22, 2004 13:46 UTC (Fri) by nix (subscriber, #2304) [Link]

The old `bailing out' message was triggered, IIRC, by a SIGSEGV being caught. So there was a signal.

I doubt it could be regarded as exploitable, though. :)

How to kill a web browser

Posted Oct 22, 2004 0:10 UTC (Fri) by JoeBuck (subscriber, #2330) [Link]

Almost all of the GCC crashes occur when GCC itself detects an inconsistency and quits with an internal error. There are a few, though, where the compiler actually crashes because of internal corruption, but those are far rarer.

Cases where the application itself decides to abort aren't security risks (though they could possibly be used to create a denial of service attack if the app can be made to repeatedly shut itself down).

How to kill a web browser

Posted Oct 22, 2004 13:45 UTC (Fri) by nix (subscriber, #2304) [Link]

The internal-corruption crashes certainly are rare, now. I was really thinking of the days of egcs and before, when the `bailing out' message often *was* the result of a SIGSEGV being caught, if memory serves, and was really rather easy to trigger...

... and no, this isn't a security risk. (Who would execute a compiler in a security-critical environment anyway? The security risks are generally in the compiler's output when it succeeds :) )

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.