Chad Dougherty wrote:
The vulnerability note has been significantly reworked to focus on the
issue of undefined behavior handling in the compiler and the fact that
conforming implementations are not required to warn of this condition.
I've tried to incorporate many of the valid concerns that were raise on
this list in response to the original vulnerability note.
Thank you for making the update; this is a big improvement.
However, I'm surprised that only GCC is listed as "vulnerable" at the
bottom of the page. We've provided information about a lot of other
compilers that do the same optimization. Why is the status for
compilers from Microsoft, Intel, IBM, etc. listed as "Unknown" instead
of "Vulnerable"?
--
Mark Mitchell
CodeSourcery
[EMAIL PROTECTED]
(650) 331-3385 x713
