Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
GNU GCC: Optimizer Removes Code Necessary for Security
Nov 16 2002 10:04AM
Joseph Wagner (wagnerjd prodigy net)
(1 replies)
When optimizing code for "dead store removal" the optimizing compiler may
remove code necessary for security.
A programmer could erroneously think that his code is secure, even though
the securing code is removed from the compiled code.
For a full report, including a complete description of the bug, steps
necessary to reproduce the problem, a workaround, and sample code, go to:
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-
trail&database=gcc&pr=8537
[ reply ]
Re: GNU GCC: Optimizer Removes Code Necessary for Security
Nov 17 2002 02:27PM
Florian Weimer (Weimer CERT Uni-Stuttgart DE)
Privacy Statement
Copyright 2008, SecurityFocus
When optimizing code for "dead store removal" the optimizing compiler may
remove code necessary for security.
A programmer could erroneously think that his code is secure, even though
the securing code is removed from the compiled code.
For a full report, including a complete description of the bug, steps
necessary to reproduce the problem, a workaround, and sample code, go to:
http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-
trail&database=gcc&pr=8537
[ reply ]