GCC and pointer overflows
Posted Apr 16, 2008 23:28 UTC (Wed) by mongenet
Parent article: GCC and pointer overflows
The CERT advisory looks bogus.
First, the example uses an int instead of an unsigned int (note that our fine editor uses an unsigned int in his example):

Then, it pretends that "gcc will assume that buf+len >= buf". If len is an int, it may be negative and gcc may obviously not (and does not) assume that buf+len >= buf (of course, buf must point to an object in an array for the pointer arithmetic to be valid).

Then, the length check if(buf+len < buf) is completely bogus: buf+len may point out of the array (including just beyond the end of the array) and that is a bug even without an overflow.

The "Solution" given by CERT has the same bug, but with two ugly cast operators added! A correct solution is of course given by our editor.
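An added illustration of the point made in the comment above (editor's example, not code from the commenter, from LWN or from the CERT advisory): the pointer-comparison check, which forms buf+len before it knows whether that pointer exists, beside a length-based check that only ever compares sizes. The function names and the 16-byte demo buffer are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The CERT-style check discussed above. Forming buf + len when the result
 * lies outside the object is already undefined behaviour, so a compiler is
 * entitled to treat the comparison as always false. Shown for contrast;
 * it is only ever called here with an in-range len. */
static int cert_style_check(const char *buf, int len)
{
    return (buf + len < buf) ? -1 : 0;
}

/* Hardened form: never form a pointer that may not exist. Compare the
 * requested length against the bytes actually left between the cursor and
 * the end of the object; both quantities are unsigned and cannot overflow. */
static int bounded_check(const char *base, size_t size,
                         const char *cursor, size_t len)
{
    if (cursor < base || cursor > base + size)
        return -1;                                  /* cursor itself out of range */
    size_t avail = (size_t)(base + size - cursor);  /* remaining bytes, >= 0 */
    return (len > avail) ? -1 : 0;
}

/* Example consumer: append len bytes at cursor only if they fit in base[]. */
static int safe_append(char *base, size_t size, char *cursor,
                       const char *src, size_t len)
{
    if (bounded_check(base, size, cursor, len) != 0)
        return -1;
    memcpy(cursor, src, len);
    return 0;
}

/* Constructed 16-byte object used by the checks below. */
static char demo_buf[16];
```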