GNU Compiler Collection Information for VU#162289

C compilers may silently discard some wraparound checks



Vendor Statement

The behaviour of pointer overflow has now changed as of the following
(as yet unreleased) versions:

gcc 4.2.4
gcc 4.3.1
gcc 4.4.0

and all subsequent versions (4.2.x where x >= 4, 4.3.y where y >= 1,
4.z where z >= 4).

The optimization under discussion is for comparisons between P + V1
and P + V2, where P is the same pointer and V1 and V2 are variables of
some integer type.  The C/C++ language standards permit this to be
reduced to a comparison between V1 and V2.  However, if V1 or V2 are
such that the sum with P overflows, then the comparison of V1 and V2
will not yield the same result as actually computing P + V1 and P + V2
and comparing the sums.

The new behaviour as of the above releases is that this optimization
is performed by default at -O2 and above, including -Os.  It is not
performed by default at -O1 or (of course) -O0.  The optimization may
be enabled for -O1 with the -fstrict-overflow option.  The
optimization may be disabled for -O2 and above with the
-fno-strict-overflow option.

When the optimization is enabled, cases where it occurs may be
detected by using -Wstrict-overflow=N where N >= 3.  Note that using
this warning option is likely to yield a number of false positive
reports--cases where this or other overflow optimizations are being
applied, but where there is no actual problem.

Please see the gcc manual for more information about these options.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References



Vendors and developers using the GNU C compiler should consider using versions of GCC that do not perform the optimization such as those listed above or GCC 4.1.2 or earlier versions (but NOT 4.1.0).

If you have feedback, comments, or additional information about this vulnerability, please send us email.