From: Joe Buck <jbuck@synopsys.COM>
Message-Id: <200201022359.PAA05815@atrus.synopsys.com>
Subject: Re: [PATCH] C undefined behavior fix
To: dewar@gnat.com
Date: Wed, 2 Jan 2002 15:59:25 -0800 (PST)
Cc: paulus@samba.org, velco@fadata.bg, gcc@gcc.gnu.org,
        linux-kernel@vger.kernel.org, linuxppc-dev@lists.linuxppc.org,
        trini@kernel.crashing.org
In-Reply-To: <20020102235318.26F2FF2EC7@nile.gnat.com> from "dewar@gnat.com" at Jan 02, 2002 06:53:18 PM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org

Robert Dewar writes:

> The concept of "all reasonable compiler implementations" is a very dubious
> one. There is nothing to stop a valid C compiler from building assertions
> based on the quoted paragraph from the C standard, e.g. it could derive
> valid range information from knowing that an offset was constrained to
> certain limits. So writing bogus C like this is risky, and as compilers
> get more sophisticated, one is likely to hear screams, but they are not
> justified in my opinion. There is no excuse for such abuse.

There is already such a project under development: see

http://gcc.gnu.org/projects/bp/main.html

This is a modification to gcc that implements pointers as triples.
While there is a performance penalty for doing this, it can completely
eliminate the problem of exploitable buffer overflows.  However, programs
that violate the rules of ISO C by generating out-of-range pointers will
fail.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/