
Debian vulnerability has widespread effects

Debian vulnerability has widespread effects

Posted May 15, 2008 7:44 UTC (Thu) by Ross (guest, #4065)
Parent article: Debian vulnerability has widespread effects

> ... While it isn't necessarily wrong to add these uninitialized buffers to the PRNG pool ...

Actually it is, strictly speaking, wrong according to the C standard.  It's as bad as using an
uninitialized variable, punning pointer types, assuming unaligned access is ok, etc.  -- It
seems to work, but it can break in really annoying ways.

Warnings and code analysis tools are good -- it is the blind "fixing" of the things they
report that is bad.



Debian vulnerability has widespread effects

Posted May 15, 2008 13:29 UTC (Thu) by BenHutchings (subscriber, #37955)

If uninitialised memory is accessed as an array of unsigned char, that's actually OK -
unsigned char can't have any trap values. I don't know which type is being used here.

Debian vulnerability has widespread effects

Posted May 15, 2008 21:39 UTC (Thu) by Ross (guest, #4065)

While that gets rid of the likely causes of actual errors, I believe it still violates the
standard, and a compiler is free to do whatever it wants in that situation.

