Date: Mon, 13 Jul 2015 03:19:14 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: How serious is undefined behavior? On Mon, Jul 06, 2015 at 06:17:34PM +0200, Hanno B??ck wrote: > However I wonder how practically relevant these issues are and also > how much focus should be given to them. Related: "What is C in practice? (Cerberus survey): Analysis of Responses" http://www.cl.cam.ac.uk/~pes20/cerberus/notes50-2015-05-24-survey-discussion.html A productive direction may be for the free software community (or an even wider community, if possible) to agree on de facto mainstream C standard, where certain kinds of UB and such would in fact be defined in specific ways. There would still remain many kinds of UB and such, but fewer of them and the easier avoidable ones. As things currently are, non-trivial programs sort of have to make certain assumptions beyond what's guaranteed by C standards anyway. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ