On Sun, Nov 24, 2013 at 6:23 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
> On 11/22/2013 7:34 PM, Andrew McGlashan wrote:
>
>> http://www.securitycurrent.com/en/research/ac_research/mot-researchers-uncover-security-flaws-in-c
>
> "the team ran Stack against the Debian Linux archive, of which 8575 out
> of 17432 packages contained C/C++ code. For a whopping 3471 packages,
> STACK detected at least one instance of unstable code."
>
> So 3471 Wheezy packages had one or more instances of gcc introduced
> anomalies. And the kernel binary they tested had 32.
>
> As an end user I'm not worried about this at all. But I'd think
> developers may want to start taking a closer look at how gcc does its
> optimizations and creates these anomalies. If the flaws are serious
> they should obviously take steps to mitigate or eliminate this.
>
> I didn't read the full paper yet, but I'm wondering how/if the
> optimization flag plays a part in this. I.e. does "O2" produce these
> bugs but "OO" (default) or "Og" (debugging) does not?

The paper says some of the surprise optimizations happen at even the default optimization level. And I remember one that definitely does, although I don't remember where I put the code where I played with it.

--
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
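
An added illustration of what the quoted article calls unstable code, not code from this thread or from the STACK paper: a bounds check that relies on signed integer overflow, beside a form that stays defined for every input. The function names and sample values are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Unstable: once off and len are known to be non-negative, the test
 * "off + len < off" can only be true if the addition overflows, and
 * signed overflow is undefined behaviour in C. A compiler is allowed
 * to assume it never happens and drop the branch, so the guard the
 * programmer wrote may be absent from the binary. Not called below,
 * because executing it on wrapping input would itself be undefined. */
bool range_ok_unstable(int off, int len, int size)
{
    if (off < 0 || len < 0)
        return false;
    if (off + len < off)        /* intended wrap check; may be discarded */
        return false;
    return off + len <= size;
}

/* Stable: the same guard written so that no intermediate value can
 * overflow. There is nothing undefined for an optimizer to exploit,
 * so the check survives at every optimization level. */
bool range_ok_stable(int off, int len, int size)
{
    if (off < 0 || len < 0 || size < 0)
        return false;
    if (off > size)
        return false;
    return len <= size - off;   /* size - off lies in [0, size] */
}

int main(void)
{
    /* Constructed inputs; the last one would wrap in the unstable form. */
    printf("%d\n", range_ok_stable(0, 16, 64));
    printf("%d\n", range_ok_stable(60, 16, 64));
    printf("%d\n", range_ok_stable(INT_MAX - 4, 16, INT_MAX));
    return 0;
}
```
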