Feb. 14, 2011
11:32 p.m.
On 02/14/2011 07:59 AM, Olson, Arthur David (NIH/NCI) [E] wrote:
Does the code available at... http://www.cert.org/secure-coding/integralsecurity.html ...survive gcc's latest optimizations?
I doubt whether anybody knows the answer to that question. Looking at the code, I'm not sure I'd trust that code all that much, as I found a systemic bug in it after five minutes' worth of investigation. In multiple places it naively assumes that integer division can't overflow, which of course is incorrect for two's complement arithmetic.
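The division overflow described in the reply above, as an added example that is not part of the original message and is not taken from the CERT code: the one signed division whose quotient is unrepresentable in two's complement is INT_MIN / -1. The helper names checked_div and checked_rem are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper names; not taken from the CERT library. */

/* Stores a / b in *out and returns true, or returns false when the
 * quotient is undefined: b == 0, or INT_MIN / -1, whose mathematical
 * result (INT_MAX + 1) is not representable in two's complement.
 * The operands are tested before dividing, so the check itself never
 * executes undefined behaviour that an optimizer could reason away. */
bool checked_div(int a, int b, int *out)
{
    if (b == 0 || (a == INT_MIN && b == -1))
        return false;
    *out = a / b;
    return true;
}

/* The remainder needs a guard too: C leaves a % b undefined whenever
 * a / b is not representable, although the mathematical remainder of
 * INT_MIN by -1 is 0. Any value modulo -1 is 0, so answer directly. */
bool checked_rem(int a, int b, int *out)
{
    if (b == 0)
        return false;
    if (b == -1) {
        *out = 0;               /* avoids evaluating INT_MIN % -1 */
        return true;
    }
    *out = a % b;
    return true;
}

int main(void)
{
    int q;
    printf("INT_MIN / -1: %s\n",
           checked_div(INT_MIN, -1, &q) ? "ok" : "rejected");
    if (checked_div(-7, 2, &q))
        printf("-7 / 2 = %d\n", q);
    if (checked_rem(INT_MIN, -1, &q))
        printf("INT_MIN %% -1 = %d\n", q);
    return 0;
}
```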