Mozilla seems to receive a report of an exploitable operator new[] overflow every couple of months now. Obviously, this is not good.
What is necessary so that GCC can fix this code generation issue? I've created a patch, together with a test case, but it has not been approved, nor have I been told how to change the patch to make it more suitable for inclusion ("change the middle end type system so that this can be expressed in a better way" is just not realistic for me, and apparently anyone else): <http://gcc.gnu.org/ml/gcc-patches/2010-02/msg00275.html>

So how can we fix this, more than eight years after it was reported as a security issue, more than ten years after the defect in the standard was identified, and more than twenty years after it was introduced into GCC?
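The code generation issue the message refers to is the byte count that `new T[n]` hands to `operator new[]`: `n * sizeof(T)` is computed in `size_t` and, without a check, wraps to a small value for large `n`, so the allocation succeeds with far fewer bytes than the array needs. The following is an added C++ example, not code from this message, from GCC or from Mozilla; it writes the missing check out explicitly and wraps it in an allocation helper that refuses wrapping counts. The names `array_bytes_overflow`, `wrapped_request`, `checked_new_array` and `Element` are assumptions chosen for the illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <limits>
#include <new>

// Returns true if count * elem_size cannot be represented in size_t, i.e. the
// byte count that new T[count] must pass to operator new[] would wrap around.
// The test uses a division so that the check itself cannot overflow.
bool array_bytes_overflow(std::size_t count, std::size_t elem_size) {
    if (elem_size == 0) return false;
    return count > std::numeric_limits<std::size_t>::max() / elem_size;
}

// The byte count an unchecked new T[count] would actually request: the
// product reduced modulo SIZE_MAX + 1. Unsigned multiplication wraps by
// definition, so this is well defined and shows how small the request gets.
std::size_t wrapped_request(std::size_t count, std::size_t elem_size) {
    return count * elem_size;
}

// Allocate count elements of T, performing the overflow check explicitly
// instead of relying on the compiler's generated code to do it.
template <typename T>
T* checked_new_array(std::size_t count) {
    if (array_bytes_overflow(count, sizeof(T)))
        throw std::bad_array_new_length();
    return new T[count];
}

// Constructed element type with a fixed 16-byte size for the demonstration.
struct Element { unsigned char bytes[16]; };

// Smallest count whose byte size no longer fits in size_t.
std::size_t first_wrapping_count() {
    return std::numeric_limits<std::size_t>::max() / sizeof(Element) + 1;
}

// True if the checked allocation refuses a count whose byte size wraps.
bool rejects_wrapping_count() {
    try {
        Element* p = checked_new_array<Element>(first_wrapping_count());
        delete[] p;   // not reached: the helper throws before allocating
        return false;
    } catch (const std::bad_array_new_length&) {
        return true;
    }
}

int main() {
    // One past the first wrapping count: the product exceeds SIZE_MAX by
    // exactly sizeof(Element), so the unchecked request wraps to 16 bytes.
    const std::size_t n = first_wrapping_count() + 1;
    std::cout << "unchecked request for " << n << " elements: "
              << wrapped_request(n, sizeof(Element)) << " bytes\n";
    std::cout << "checked helper rejects it: "
              << (rejects_wrapping_count() ? "yes" : "no") << "\n";
    return 0;
}
```

`array_bytes_overflow` is the same comparison a compiler has to emit before calling `operator new[]`; the `wrapped_request` function only exists to show the value an unchecked multiplication would produce. Later GCC releases generate this check themselves and throw `std::bad_array_new_length`; in code that must also build with older compilers, the explicit helper gives the same behaviour.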