The libgcc runtime for the gcc and g++ compilers contains multiple flaws that can result in integer type range vulnerabilities in programs compiled with the -ftrapv option.
Both gcc and g++ provide an -ftrapv compiler option that, according to the gcc man page, "generates traps for signed overflow on addition, subtraction, multiplication operations." When used, this flag replaces the native assembler instructions that perform these arithmetic operations with calls to arithmetic routines in the libgcc2.c module, located in the gcc subdirectory of the gcc distribution. These routines check for overflow conditions and call abort() when a signed overflow is detected. However, the algorithms they use to detect signed overflow are flawed, and as a result they do not correctly identify all cases of signed overflow. Developers may therefore produce code that they believe is secure but that is in fact subject to integer type range vulnerabilities resulting from signed integer overflow and underflow conditions.
All gcc and g++ releases up to and including 3.3.3 are affected. The patch for this bug was committed to mainline on July 6th, 2003, by Roger Sayle, meaning the fix will be available starting from gcc version 3.4.0.
The complete impact of this vulnerability is not yet known.
The CERT/CC is currently unaware of a practical solution to this problem.
Do not rely on the -ftrapv option for preventing signed integer overflow.
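The following is an added example, not code from the vulnerability note or from libgcc2.c: precondition checks that correctly report whether a signed int addition, subtraction or multiplication would overflow, evaluated before the operation so no undefined behaviour occurs. The function names and the sample operands are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example (not the libgcc2.c routines the note describes):
   each predicate tests the operands against INT_MAX/INT_MIN before
   the arithmetic is done, covering both the positive and the negative
   direction. Newer gcc/clang also offer __builtin_add_overflow() and
   friends; this portable form needs no compiler support. */

bool add_overflows(int a, int b)
{
    return (b > 0 && a > INT_MAX - b) ||   /* would exceed INT_MAX */
           (b < 0 && a < INT_MIN - b);     /* would go below INT_MIN */
}

bool sub_overflows(int a, int b)
{
    return (b < 0 && a > INT_MAX + b) ||   /* a - b too large */
           (b > 0 && a < INT_MIN + b);     /* a - b too small */
}

bool mul_overflows(int a, int b)
{
    /* Division-based bounds; every divisor below is nonzero. */
    if (a > 0 && b > 0) return a > INT_MAX / b;
    if (a > 0 && b < 0) return b < INT_MIN / a;
    if (a < 0 && b > 0) return a < INT_MIN / b;
    if (a < 0 && b < 0) return b < INT_MAX / a;   /* catches INT_MIN * -1 */
    return false;                                 /* a zero operand */
}

/* Demonstration on constructed edge cases around INT_MAX and INT_MIN. */
int main(void)
{
    struct { const char *op; int a, b; bool ovf; } cases[] = {
        { "+", INT_MAX,  1, add_overflows(INT_MAX, 1) },
        { "+", INT_MAX, -1, add_overflows(INT_MAX, -1) },
        { "-", INT_MIN,  1, sub_overflows(INT_MIN, 1) },
        { "*", INT_MIN, -1, mul_overflows(INT_MIN, -1) },
        { "*", -2, -1073741823, mul_overflows(-2, -1073741823) },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%11d %s %11d : %s\n", cases[i].a, cases[i].op, cases[i].b,
               cases[i].ovf ? "overflow" : "representable");
    return 0;
}
```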
Thanks to Bruno Haible for reporting this vulnerability.
This document was written by Robert C Seacord.
Date First Published: 2004-04-30
Date Last Updated: 2006-02-03 19:57 UTC