Wireshark · Wireshark-dev: [Wireshark-dev] GCC 4.2 might cause some overflow checks not to work

Wireshark-dev: [Wireshark-dev] GCC 4.2 might cause some overflow checks not to work

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 09 Apr 2008 11:26:56 -0700

	http://www.kb.cert.org/vuls/id/162289

In short, if, for example, any code that has a pointer into a buffer anda length of an object in a buffer, and checks to make sure that thelength is sane by checking that buffer+length >= buffer, that code won'twork in GCC 4.2 because GCC 4.2 assumes that if you add an integer valueto a pointer value, the resulting pointer value will be greater than orequal to the original pointer value, and doesn't bother checking for that.

I'm not sure whether that's an issue for integer addition; the CERTSecure Coding site makes recommendations other than


	foo = a + b;
	if (foo < a)
		overflow!

for checking whether that sum overflows:

	https://www.securecoding.cert.org/confluence/display/seccode/INT32-C-a.+Ensure+that+integer+addition+operations+do+not+result+in+an+overflow

Prev by Date: Re: [Wireshark-dev] services file and port ranges
Next by Date: Re: [Wireshark-dev] services file and port ranges
Previous by thread: Re: [Wireshark-dev] Lots of Header Packets, but No Data Packets?
Next by thread: Re: [Wireshark-dev] New feature: custom columns
Index(es):
- Date
- Thread