[coreboot] v3 interaction problems with recent gcc?

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri May 2 05:23:45 CEST 2008


Hi,

please be careful with any recent gcc if you expect it to compile
v3/lib/lar.c the way it is intended to. We are likely to be affected by
US-CERT Vulnerability Note VU#162289: C compilers may silently discard
some wraparound checks.

More info here:
http://lwn.net/Articles/278137/
http://www.kb.cert.org/vuls/id/162289

Basically, it turned out that a long-time recommended C secure
programming practice depended on undefined behaviour and nobody figured
this out for years. Now that compilers optimize away undefined code all
those wraparound checks explode.

Most of the proposed fixes to existing code so far have been ugly
(casting pointers to unsigned long) or advocate changing the code
structure (calling an extra function to check for wraparound).

v3/lib/lar.c:find_file() has the following for loop:
> char *walk;
> [...]
> for (walk = archive->start;
>      (walk < (char *)(archive->start + archive->len - sizeof(struct lar_header))) &&
>      (walk >= (char *)archive->start); walk += 16) {

AFAICS the check (walk >= (char *)archive->start) can be optimized away.


Pointers to other possible affected code would be appreciated.
Statements about the correctness of that for loop would be appreciated
as well.

Regards,
Carl-Daniel
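An offset-based version of that loop bound, added here as an example rather than code from lar.c or coreboot: it bounds the walk with size_t arithmetic on an offset instead of comparing pointers, so there is no pointer overflow for the compiler to treat as undefined. The struct layouts and the LAR_MAGIC value are stand-ins, not the project's definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the LAR structures (assumption: these are
 * not the project's real definitions, just enough for the bounds check). */
struct lar_header {
    char magic[8];
    uint32_t len;
};

struct lar_archive {
    const char *start;
    size_t len;
};

#define LAR_MAGIC "LARCHIVE"   /* assumed 8-byte marker for this example */

/* Scan 16-byte aligned slots for headers that lie wholly inside the archive.
 * find_file() bounds its walk with (walk >= archive->start) to catch pointer
 * wraparound, but pointer overflow is undefined behaviour, so gcc may drop
 * that check.  Here the bound is an offset into the archive: the subtraction
 * is guarded against underflow, the increment is guarded against size_t
 * wraparound, and walk never leaves the object, so nothing is optimizable
 * away.  Returns the number of slots carrying the magic. */
size_t count_lar_headers(const struct lar_archive *archive)
{
    size_t count = 0, off = 0, last;

    if (archive->len < sizeof(struct lar_header))
        return 0;               /* the original expression would underflow here */
    last = archive->len - sizeof(struct lar_header);  /* highest valid offset */

    for (;;) {
        const char *walk = archive->start + off;     /* off <= last: in bounds */
        if (memcmp(walk, LAR_MAGIC, sizeof(LAR_MAGIC) - 1) == 0)
            count++;
        if (last - off < 16)    /* next slot would not fit; stop before += wraps */
            break;
        off += 16;
    }
    return count;
}

/* Constructed 48-byte archive with headers at offsets 0 and 32: the slot at
 * 32 fits (32 + 12 <= 48), so the scan must report 2. */
size_t sample_count(void)
{
    char buf[48];
    struct lar_archive a = { buf, sizeof buf };
    memset(buf, 0, sizeof buf);
    memcpy(buf, LAR_MAGIC, 8);
    memcpy(buf + 32, LAR_MAGIC, 8);
    return count_lar_headers(&a);
}
```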
