Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)|
There is heated discussion on gcc's bugzilla starting from 2007:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
and clang is also affected, depending on optimization flags.
poc is the program at end.
gcc with all optimization flags optimizes away |assert(a+100 > a)|
even if there is no integer overflow, only signed overflow.
clang fires the assertion with -O0, but also optimizes it away
with -O3.
The formal verifier CBMC fires the assertion, which might be of
interest regarding formally verified programs.
Signed integer arithmetic is commonly used even without integer
overflows. If |(int) -1 < (unsigned int) 2| holds, this would
be a disaster.
Could this compiler issue be a security problem?
Any workarounds?
===poc===
#include <assert.h>
#include <stdio.h>
int foo(int a) {
/* signed overflow is undefined, so the optimizer may fold this to true */
assert(a+100 > a);
printf("%d %d\n",a+100,a);
return a;
}
int main() {
foo(100);        /* no overflow: assertion holds */
foo(0x7fffffff); /* INT_MAX + 100 overflows: assertion may be dropped */
return 0;
}
=========
CV: https://j.ludost.net/resumegg.pdf
site: http://www.guninski.com
blog: https://j.ludost.net/blog
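As an added example, not code from the post, here is the same check written so the optimizer cannot remove it: the comparison is done against INT_MAX before the addition (no overflow ever occurs), and GCC/clang's __builtin_add_overflow reports wrap-around explicitly. The names check_after_add, add100_fits_portable, add100_builtin and foo_safe are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The post's test as written. Signed overflow is undefined behaviour, so the
 * compiler may assume a + 100 never wraps and fold this to 'true'. Kept here
 * only for contrast; it is never called with an overflowing argument. */
static bool check_after_add(int a)
{
    return a + 100 > a;
}

/* Portable fix: compare against the limit BEFORE adding, so no signed
 * overflow (and thus no undefined behaviour) can happen. */
static bool add100_fits_portable(int a)
{
    return a <= INT_MAX - 100;
}

/* GCC/clang fix: __builtin_add_overflow computes the sum with wrap-around
 * semantics and returns true if it overflowed, without undefined behaviour.
 * Stores the sum in *out and returns true only when it fits in an int. */
static bool add100_builtin(int a, int *out)
{
    int sum;
    if (__builtin_add_overflow(a, 100, &sum))
        return false;
    *out = sum;
    return true;
}

/* Safe counterpart of the post's foo(): rejects inputs for which a + 100
 * would overflow instead of relying on an assert the optimizer may drop.
 * Returns false on rejection; on success *result receives a. */
static bool foo_safe(int a, int *result)
{
    int sum;
    if (!add100_builtin(a, &sum))
        return false;
    printf("%d %d\n", sum, a);
    *result = a;
    return true;
}

int main(void)
{
    int r;
    printf("%d\n", check_after_add(100));           /* safe input only */
    printf("%d\n", foo_safe(100, &r));              /* accepted */
    printf("%d\n", foo_safe(INT_MAX, &r));          /* rejected, no UB */
    return 0;
}
```

Built with -O3 under gcc or clang, neither check is folded away, because no operation in them can overflow.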