GCC and pointer overflows

Lubomir Kundrak lkundrak at redhat.com
Thu Apr 17 09:27:29 UTC 2008


On Thu, 2008-04-17 at 09:03 +0200, Gianluca Sforna wrote:
> I just read this news on LWN ( BTW, thanks to Jeff for providing me a
> free subscription... )
> 
> Are our packages affected by this gcc "feature" ?
> 
> http://www.kb.cert.org/vuls/id/162289
> 
> In other words, do our default compilation flags lessen or nullify the
> impact of that problem?

This is certainly not a security vulnerability and Fedora did not
consider it as such. It is likely that most of the Fedora 9 packages are
compiled with this bug, but it's certainly not worth recompiling them to
fix it and will most likely have no consequences at all.

Fedora 8 gcc and packages did not have this problem. At first glance I do
not see anything in the Fedora 9 gcc changelog that would say this is fixed.
It should probably be easy for you to check it yourself -- proof of
concept for 32 bit architectures is depicted in the advisory.

Regards,
-- 
Lubomir Kundrak (Red Hat Security Response Team)
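
The pointer wraparound check that VU#162289 concerns, next to two well-defined replacements. This is an added example, not part of the original message and not the advisory's proof of concept; the function names, the `pool` buffer and the sample lengths are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static char pool[16];                      /* constructed sample buffer */
#define POOL_END (pool + sizeof pool)

/* The idiom at issue: it expects buf + len to wrap when len is huge.
 * Forming a pointer outside the object is undefined behaviour, so an
 * optimizing compiler may assume no wrap happens and delete the first test. */
static int fits_wrap_idiom(const char *buf, const char *end, size_t len)
{
    if (buf + len < buf)                   /* may be optimized away */
        return 0;
    return buf + len <= end;
}

/* Well-defined form: compare len with the space left and never form an
 * out-of-range pointer. Precondition: buf and end point into the same
 * object and buf <= end. */
static int fits_len(const char *buf, const char *end, size_t len)
{
    return len <= (size_t)(end - buf);
}

/* Alternative: do the wrap test on unsigned integers, where overflow is
 * defined. Assumes a flat address space for the pointer conversion. */
static int fits_uintptr(const char *buf, const char *end, size_t len)
{
    uintptr_t b = (uintptr_t)buf;
    if (len > UINTPTR_MAX - b)
        return 0;
    return b + len <= (uintptr_t)end;
}

int main(void)
{
    size_t lens[] = { 8, 16, 17, SIZE_MAX - 4 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%zu idiom=%d len_check=%d uintptr=%d\n", lens[i],
               fits_wrap_idiom(pool, POOL_END, lens[i]),
               fits_len(pool, POOL_END, lens[i]),
               fits_uintptr(pool, POOL_END, lens[i]));
    return 0;
}
```

The `idiom` column for the largest length is not guaranteed: it depends on the compiler and optimization level, which is the behaviour the advisory describes. The other two columns are the same at every optimization level.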