--- Comment #16 from nigelenki at comcast dot net 2006-07-11 07:08 ---
(In reply to comment #15)
> (In reply to comment #14)
>
...
> > Yes but now he has a limited number of code paths to go wrong on.
>
> That is not true. he just knows the last function and nothing more, this is
>
--- Comment #15 from pinskia at gcc dot gnu dot org 2006-07-11 06:45
---
(In reply to comment #14)
> > >
> > > You make the assumption that I somehow know the bug is in f(). What if I
> > > have
> > > a 64 million line program with several hundred thousand functions like
> > > this
--- Comment #14 from nigelenki at comcast dot net 2006-07-11 06:25 ---
(In reply to comment #13)
> (In reply to comment #12)
> > (In reply to comment #10)
> > > (In reply to comment #8)
> > >
> >
...
> >
> > You make the assumption that I somehow know the bug is in f(). What if I
>
--- Comment #13 from pinskia at gcc dot gnu dot org 2006-07-11 06:00
---
(In reply to comment #12)
> (In reply to comment #10)
> > (In reply to comment #8)
> >
>
> > That is just a simple (obvious) example, you seem to not understand how real
> > code looks like. You might instead ha
--- Comment #12 from nigelenki at comcast dot net 2006-07-11 05:49 ---
(In reply to comment #10)
> (In reply to comment #8)
>
> That is just a simple (obvious) example, you seem to not understand how real
> code looks like. You might instead have:
>
> int f(int a, int b)
> {
> int
--- Comment #11 from pinskia at gcc dot gnu dot org 2006-07-11 05:32
---
(In reply to comment #9)
> Sorry but as somebody that has been an active supporter of ssp over the
> years and somebody thats fixed dozens of bugs spotted by ssp your
> statement is not really valid about exposing
--- Comment #10 from pinskia at gcc dot gnu dot org 2006-07-11 05:25
---
(In reply to comment #8)
> Actually it won't come from 1000 lines before. It'll go like this:
>
> int vuln(char *s, int len) {
> char a[10];
> char b[20];
>
> a[0] = 0;
> strcpy(a, "str: ");
> strcat(
--- Comment #9 from solar at gentoo dot org 2006-07-11 04:57 ---
(In reply to comment #7)
> (In reply to comment #5)
> > This bug should get itself assigned.
>
> You know like many other open source projects, if you really want a feature
> you
> should implement it.
I would not have
--- Comment #8 from nigelenki at comcast dot net 2006-07-11 04:56 ---
(In reply to comment #6)
> (In reply to comment #4)
> > Thank you, I see the problem, there's a patch attached. Your distribution
> > should have a new version some time in a couple days.
>
> Here is how normal GCC
--- Comment #7 from pinskia at gcc dot gnu dot org 2006-07-11 04:31 ---
(In reply to comment #5)
> This bug should get itself assigned.
You know like many other open source projects, if you really want a feature you
should implement it. As I mentioned in the other bug, knowing where so
--- Comment #6 from pinskia at gcc dot gnu dot org 2006-07-11 04:27 ---
(In reply to comment #4)
> Thank you, I see the problem, there's a patch attached. Your distribution
> should have a new version some time in a couple days.
Here is how normal GCC bugs go:
User (which is a develo
--- Comment #5 from solar at gentoo dot org 2006-07-11 04:25 ---
John is mostly right in reporting this.
Gentoo uses SSP more than anyone else out there for longer than most
anybody (obsd excluded) and I can't stress how vital it is to have the
function hint that Etoh's original __stac
--- Comment #4 from nigelenki at comcast dot net 2006-07-11 03:09 ---
(In reply to comment #3)
> If an end user gets a stack smash failure, they should report the bug to the
> developer and have the developer fix it.
> This is what is normally done for anyother bug, why should it be diff
--- Comment #3 from pinskia at gcc dot gnu dot org 2006-07-11 03:02 ---
If an end user gets a stack smash failure, they should report the bug to the
developer and have the developer fix it.
This is what is normally done for anyother bug, why should it be different than
a stack smashing o
--- Comment #2 from nigelenki at comcast dot net 2006-07-11 02:43 ---
The program may be on an end user system that A) has insufficient debugging
data compiled in (though I'd imagine you know what function it's in anyway); or
B) has an end user that can't/won't debug (typical). It may a
--- Comment #1 from pinskia at gcc dot gnu dot org 2006-07-10 21:26 ---
Why not use a debuger to debug your program when stack smasher happens?
--
pinskia at gcc dot gnu dot org changed:
What|Removed |Added
-
16 matches
Mail list logo
