[FFmpeg-devel] [RFC] Sechole in gcc 3.3+ and 4.*

Wolfram Gloger wmglo
Mon Apr 7 16:19:48 CEST 2008


Hi,

> Lars T=E4uber, told me about a sechole in gcc 4.2+
> http://www.heise.de/newsticker/GCC-optimiert-Sicherheitspruefungen-weg--/me=
> ldung/106097

Oh no, the worst Heise news article in months, if not years.  Please
check the comments also, not just the grossly misleading article.

> http://www.kb.cert.org/vuls/id/162289
> 
> The issue described though is rather harmless.

Indeed -- in particular there is certainly no such "sechole" in gcc.

> AFAIK addition of signed integers is not an undefined operation in C.

Offtopic, and no relation to the Heise or CERT articles.

> Comments welcome...

Your gcc bashing was much more convincing last time..

SCNR,
Wolfram




More information about the ffmpeg-devel mailing list