Steven Bosscher wrote:

>> "It's not my fault if people write buggy software" is a lame excuse
>> for sloppy engineering on the part of gcc.
> So basically you're saying gcc developers should compensate for other
> people's sloppy engineering? ;-)

This might be a little exaggerated, but there's certainly some truth to it. Essentially, the vast majority of code in your Linux or BSD system was written by people who have no idea about the nasty things that can happen when their signed ints overflow. I guess you could call that "sloppy engineering", but unfortunately, this code and these programmers are all that Open Source got.

The point is that gcc actually *can* compensate for this particular problem, whereas any other approach is infeasible for the sheer volume of code that needs to be touched.

Yup, you're giving up a little performance for that. Yup, it's the other people who wrote broken code, and what gcc currently does is completely mandated by the ISO standard. Still, we're talking about dozens of undiscovered vulnerabilities, and just about any Linux or BSD box out there might be affected.

Andreas
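
An added illustration, not part of the message above or of any code from the thread: a range check of the kind the discussion is about, which relies on a signed int wrapping, next to a form that rules the overflow out before adding. The function names, the buffer size of 64 and the inputs are constructed for this example.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed example: a range check as it is commonly written.
 * It expects off + len to wrap negative on overflow, but signed
 * overflow is undefined behaviour in ISO C, so an optimizing
 * compiler may assume it never happens and delete the test. */
int range_ok_wrapping(int off, int len, int bufsize)
{
    if (off < 0 || len < 0)
        return 0;
    if (off + len < off)        /* UB when off + len > INT_MAX */
        return 0;
    return off + len <= bufsize;
}

/* Same check with the overflow excluded before the addition, so the
 * result does not depend on optimization level or compiler flags. */
int range_ok_checked(int off, int len, int bufsize)
{
    if (off < 0 || len < 0 || bufsize < 0)
        return 0;
    if (len > INT_MAX - off)    /* off + len would overflow */
        return 0;
    return off + len <= bufsize;
}

int main(void)
{
    /* Constructed inputs; the last one makes off + len exceed INT_MAX.
     * Only the checked form is called with it. */
    struct { int off, len; } t[] = {
        { 0, 16 }, { 60, 8 }, { INT_MAX - 4, 16 }
    };
    int i;

    for (i = 0; i < 3; i++)
        printf("off=%d len=%d -> checked=%d\n", t[i].off, t[i].len,
               range_ok_checked(t[i].off, t[i].len, 64));
    return 0;
}
```

GCC's `-fwrapv` option defines signed overflow as two's-complement wrapping, under which the first form behaves the way its author expected.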