[Swan] another kind of static checker for C/C++ code

D. Hugh Redelmeier hugh at mimosa.com
Sat Nov 2 05:08:59 EET 2013


<http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising-application-security>

Finds bugs in code that are due to the license that C compilers have because 
of undefined behaviour.

I remember a kernel bug that looked like this:

	x = *p;
	assert(p != NULL);

The C compiler said that the first statement proved that p was not NULL
(because otherwise the behaviour was undefined and ALL bets are off).  So 
it "knew" that the assertion was true and it need not evaluate it.

Compounding this problem was that this was in a kernel-crafted environment 
where 0 actually pointed at real memory.

This WAS a kernel bug but the optimizing gcc made the effect much worse.

This article points to a project that claims to have a checker 
that finds instances of this kind of bug.

We should try it on Libreswan code.
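The ordering bug described above, as an added example that is not from the original post or from Libreswan: the risky dereference-then-check pattern beside the ordering that keeps the check meaningful. Function names and the sample value are assumptions.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Risky ordering from the post: the dereference precedes the NULL
 * check.  Reading *p when p == NULL is undefined behaviour, so the
 * optimizer may infer p != NULL from the first line and drop the
 * assert as provably true.  Where address 0 is mapped (the kernel
 * case in the post), the read even succeeds and nothing fails. */
int read_then_check(const int *p)
{
    int x = *p;            /* UB if p == NULL */
    assert(p != NULL);     /* may be deleted by the optimizer */
    return x;
}

/* Safe ordering: validate before the first use, and give the caller
 * a defined result for the NULL case.  Nothing before the check
 * implies p is non-NULL, so the compiler must keep it. */
int read_or_fallback(const int *p, int fallback)
{
    if (p == NULL)
        return fallback;
    return *p;
}

/* Constructed sample value for the demonstration below. */
int sample_value = 42;

/* Build-time mitigation: GCC's -fno-delete-null-pointer-checks (the
 * Linux kernel builds with it) stops the optimizer from inferring
 * non-NULL from a dereference; reordering the check is the real fix. */
int main(void)
{
    printf("valid pointer: %d\n", read_or_fallback(&sample_value, -1));
    printf("NULL pointer:  %d\n", read_or_fallback(NULL, -1));
    return 0;
}
```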