Hacker News new | past | comments | ask | show | jobs | submit login

The compiler converted a buggy program that was prevented from opening a security hole by defense in depth into a program with a security hole. It transformed a careless error into a systemic error, all in the cause of a micro-optimization that didn't.



What are you talking about? Dereferencing invalid memory is a security bug.


Not necessarily.


In what cases it's not?


In the referenced case the introduced error involved a reference to a null pointer but there was still no exploitable security hole. The exploit was enabled when the compiler removed an explicit check. The null dereference was an error, but it was not a security issue on its own.


Why didn't the kernel panic when it tried to access NULL?


Why is a compiler writer attempting to legislate the kernel address space?


Give me a break. The kernel developers know C. They know what "undefined behavior" means.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: