[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)

Arnold Reinhold agr at me.com
Fri May 2 18:38:34 EDT 2014


On May 2, 2014, at 8:44 AM, Benjamin Kreuter <brk7bx at virginia.edu> wrote:

> On Thu, 2014-05-01 at 17:36 -0400, Arnold Reinhold wrote:
> 
>> After the developers have been told that a specific optimization is
>> potentially causing widespread security and safety problems, I think it
>> is evil. 
> 
> Yeah, and once upon a time people made use of gets().  The response was
> to demand that people replace gets() with fgets().  Why should the
> response to this class of bug -- relying on undefined behavior in a
> safety check -- be any different?

Excellent example. I completely agree, it shouldn’t be.  But it is: 

1. The gets() problem was a real one affecting most, if not all platforms, not obscure hypothetical platforms or code generators of which no one seems to be able to give a real-world example.

2. The gets() problem was a security issue that was taken seriously, not brushed off with some variant of “that’s how C works, if you don’t like it, don’t use C.”

3. A clear, workable alternative, fgets(), was thought out and provided first.

4. The transition was encouraged by first deprecating gets() and then removing it from the C library, NOT by having the optimizer silently mung your code if you use gets().

...

> If your bank runs inefficient code and passes the extra operational
> costs on to you, will you be comforted by the knowledge that they did
> not use an optimizing compiler?

Knowing what I know, absolutely. If I could find a bank like that, I’d give them all my business.

I think we’re done with this thread. Thank you for a courteous exchange. You’re welcome to have the last word.


Arnold Reinhold
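The class of bug the thread is arguing about, an overflow or bounds check that itself relies on undefined behaviour, is easier to see in code than in prose. The following is an added illustration, not code from either poster or from the GCC bug report; the function names and the sample values are constructed for this example. GCC bug 30475 concerns a check of the shape `a + 100 > a` being folded away because signed overflow is undefined, so the first function below is written in exactly the style a compiler is entitled to delete, and the second and third show checks that stay well-defined for any input because they compare against the type's limits before the arithmetic happens.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* The pattern at issue: this "check" depends on a + b wrapping on overflow.
   Signed overflow is undefined behaviour in C, so an optimizer may reason
   that a + b < a can never be true and remove the test entirely.
   Kept here only to show the shape of the bug; its result is not
   something a program may rely on. */
bool add_would_overflow_ub(int a, int b) {
    return a + b < a;
}

/* Well-defined replacement: decide before adding, using only comparisons
   against INT_MAX / INT_MIN, which cannot overflow. */
bool add_would_overflow_safe(int a, int b) {
    if (b > 0)
        return a > INT_MAX - b;
    if (b < 0)
        return a < INT_MIN - b;
    return false;
}

/* The same idea for a buffer offset/length pair. Unsigned arithmetic
   wraps by definition, so off + len < off would be legal, but comparing
   against the remaining room is clearer and also catches the case where
   the sum fits in size_t yet exceeds the buffer. Returns true when the
   range [off, off + len) lies inside a buffer of bufsize bytes. */
bool range_in_bounds(size_t bufsize, size_t off, size_t len) {
    if (off > bufsize)
        return false;
    return len <= bufsize - off;
}
```

The two safe variants are the shape of fix that makes the "replace gets() with fgets()" comparison concrete: the check is rewritten so that no step of it depends on behaviour the standard leaves undefined, which is the only form an optimizing compiler is obliged to preserve.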

