Date: Mon, 7 Apr 2008 12:17:09 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: gcc 4.2 optimizations and integer overflow checks

While an unusual bug, we decided to assign a CVE for it.

- Steve

Name: CVE-2008-1685
Status: Candidate
Reference: CERT-VN:VU#162289
Reference: URL:

gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not
used, considers the sum of a pointer and an int to be greater than or
equal to the pointer, which might remove length testing code that was
intended as a protection mechanism against integer overflow and buffer
overflow attacks.
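
An added example, not part of the original message or of the CVE entry: the kind of pointer-wraparound length test the description refers to, next to a form that does not depend on overflow. The function names and the 16-byte sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Fragile form: the first test only catches an oversized len if buf + len
 * wraps around. Pointer overflow is undefined behaviour in C, so a compiler
 * may assume it never happens and simplify or delete that test. */
int fits_fragile(const char *buf, const char *buf_end, int len)
{
    if (buf + len < buf)        /* candidate for removal by the optimizer */
        return 0;
    if (buf + len > buf_end)
        return 0;
    return 1;
}

/* Robust form: compare the length with the remaining space as integers.
 * No pointer is ever formed outside [buf, buf_end], so the check does not
 * rely on behaviour the optimizer is allowed to reason away. */
int fits_checked(const char *buf, const char *buf_end, int len)
{
    if (buf == NULL || buf_end == NULL || buf > buf_end)
        return 0;
    if (len < 0)
        return 0;
    return (size_t)len <= (size_t)(buf_end - buf);
}

int main(void)
{
    char storage[16];                    /* constructed sample buffer */
    const char *end = storage + sizeof storage;
    int lens[] = { 0, 16, 17, -1, 1 << 30 };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%d -> %s\n", lens[i],
               fits_checked(storage, end, lens[i]) ? "accept" : "reject");
    return 0;
}
```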
