| |||||||||||||
Many good pointsMany good pointsPosted Nov 8, 2007 21:53 UTC (Thu) by pynm0001 (guest, #18379)In reply to: Many good points by dvdeug Parent article: Daniel Bernstein: ten years of qmail security
"can detect" is not the same as "will detect". If the language does not throw an exception (or otherwise intelligently handle the problem) for an overflow then it has an integer overflow problem. C is even worse simply because it is undefined. Undefined behavior is not a good thing in a program which is supposed to be secure and bug free. The wrap-around behavior is not retained because of historical baggage, it's retained because that is the "optimized" form. i.e. the underlying hardware performs the addition and the result is wrapped around without checking beforehand if the answer will fit. Most processors have an "overflow" flag which can be set but checking that after every addition is pretty much not done.
(Log in to post comments)
Many good points Posted Nov 9, 2007 4:14 UTC (Fri) by dvdeug (subscriber, #10998) [Link] And there's no reason for any language that doesn't play fast and loose close to the bare metal not to detect it, which is why I questioned your assumption that most languages would have an integer overflow problem. No, it's not the optimized form. GCC added optimization that in loops took advantage of the fact that overflow is undefined and hence not done in legal programs, and got a great deal of flack for it.
|
|||||||||||||