Re: [PATCH] C undefined behavior fix

Joe Buck (jbuck@synopsys.COM)
Wed, 2 Jan 2002 15:59:25 -0800 (PST)


Robert Dewar writes:

> The concept of "all reasonable compiler implementations" is a very dubious
> one. There is nothing to stop a valid C compiler from building assertions
> based on the quoted paragraph from the C standard, e.g. it could derive
> valid range information from knowing that an offset was constrained to
> certain limits. So writing bogus C like this is risky, and as compilers
> get more sophisticated, one is likely to hear screams, but they are not
> justified in my opinion. There is no excuse for such abuse.

There is already such a project under development: see

http://gcc.gnu.org/projects/bp/main.html

This is a modification to gcc that implements pointers as triples.
While there is a performance penalty for doing this, it can completely
eliminate the problem of exploitable buffer overflows. However, programs
that violate the rules of ISO C by generating out-of-range pointers will
fail.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/