[Swan-dev] integer overflows, silent killer
D. Hugh Redelmeier
hugh at mimosa.com
Wed Jan 23 17:55:36 UTC 2019
Most C implementations ignore signed integer overflow these days. Too
bad: in the distant past, I have broken the security of several
systems by exploiting overflow.
GCC has a flag to catch integer overflow:
-ftrapv
This option generates traps for signed overflow on addition,
subtraction, multiplication operations.
(From
<https://gcc.gnu.org/onlinedocs/gcc-4.0.2/gcc/Code-Gen-Options.html>)
(The C language defines the result of unsigned integer overflow so it is
perfectly legal in C programs.)
I built and ran the test suite with this flag:
--- a/mk/userland-cflags.mk
+++ b/mk/userland-cflags.mk
@@ -43,7 +43,8 @@ USERLAND_CFLAGS+=$(OPTIMIZE_CFLAGS)
# Dumping ground for an arbitrary set of flags. Should probably be
# separated out.
-USERCOMPILE?=-fstack-protector-all -fno-strict-aliasing -fPIE -DPIE
+#USERCOMPILE?=-fstack-protector-all -fno-strict-aliasing -fPIE -DPIE
+USERCOMPILE?=-fstack-protector-all -fno-strict-aliasing -fPIE -DPIE -ftrapv
USERLAND_CFLAGS+=$(USERCOMPILE)
# Build/link against the more pedantic ElectricFence memory allocator;
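Review bot: the old default is kept as a commented-out copy ("#USERCOMPILE?=-fstack-protector-all -fno-strict-aliasing -fPIE -DPIE") directly above the new one; for anything beyond a local experiment, drop the dead line and let the version history carry the previous value. Note also that USERCOMPILE is set with "?=", so a USERCOMPILE given on the make command line or in the environment replaces the whole default and silently loses -ftrapv; if the trapping build is meant to be the default for everyone, append -ftrapv to USERLAND_CFLAGS itself (the "USERLAND_CFLAGS+=$(USERCOMPILE)" line below) rather than folding it into the overridable dumping ground.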
I was amazed and heartened to find that no new crashes happened!
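As an added illustration of the "silent killer" described above (this is example code, not part of Libreswan or of the original post): a length computation wraps on signed multiply, slips past a naive range check, and would drive an undersized allocation. The checked variant uses the GCC/Clang `__builtin_mul_overflow` and `__builtin_add_overflow` intrinsics, which report the wrap at run time without needing -ftrapv; a portable pre-check is included for compilers that lack the builtins. The naive function models the wrap with an unsigned cast only so that its behaviour is well defined for demonstration; the plain `count * elem_size` that real code writes is undefined behaviour in C, which is exactly what -ftrapv turns into a trap.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive: the size is computed in int and wraps. Real code would write
 * "int total = count * elem_size + header;" which is undefined behaviour
 * on overflow (and traps under -ftrapv). The unsigned cast here models
 * the two's-complement wrap most implementations produce, so the example
 * is well defined. Returns the (possibly wrapped) size, or -1 if the
 * naive range check rejects it. */
int naive_buffer_size(int count, int elem_size, int header, int limit)
{
    int total = (int)((unsigned)count * (unsigned)elem_size + (unsigned)header);
    if (total < 0 || total > limit)
        return -1;           /* check passes for a wrapped, too-small total */
    return total;
}

/* Checked: the builtins return true when the mathematical result does not
 * fit in *total. Every arithmetic step that feeds an allocation is guarded,
 * not just the final comparison. Returns -1 on overflow or out of range. */
int checked_buffer_size(int count, int elem_size, int header, int limit)
{
    int total;
    if (__builtin_mul_overflow(count, elem_size, &total))
        return -1;
    if (__builtin_add_overflow(total, header, &total))
        return -1;
    if (total < 0 || total > limit)
        return -1;
    return total;
}

/* Portable pre-check for compilers without the builtins: decide whether
 * a * b fits in int without ever evaluating a * b. Division truncates
 * toward zero, which is why the comparisons are written per sign case. */
bool mul_would_overflow_int(int a, int b)
{
    if (a == 0 || b == 0)
        return false;
    if (a > 0) {
        if (b > 0)
            return a > INT_MAX / b;          /* both positive */
        return b < INT_MIN / a;              /* a > 0, b < 0 */
    }
    if (b > 0)
        return a < INT_MIN / b;              /* a < 0, b > 0 */
    return b < INT_MAX / a;                  /* both negative, product positive */
}

int main(void)
{
    /* Constructed input: 65536 elements of 65537 bytes each. The true size
     * is 4295032832, but the int computation wraps to 65536, so the naive
     * check happily accepts a 64 KiB buffer for 4 GiB of data. */
    int count = 65536, elem_size = 65537, limit = 1 << 20;
    printf("naive:   %d\n", naive_buffer_size(count, elem_size, 0, limit));
    printf("checked: %d\n", checked_buffer_size(count, elem_size, 0, limit));
    printf("portable pre-check flags it: %s\n",
           mul_would_overflow_int(count, elem_size) ? "yes" : "no");
    return 0;
}
```

The portable check and the builtins must agree on every input; the boundary pairs in the test (46340 vs 46341, INT_MIN times -1) are the classic off-by-one spots where hand-written overflow checks go wrong.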