Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150713001914.GA8559@openwall.com>
Date: Mon, 13 Jul 2015 03:19:14 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: How serious is undefined behavior?

On Mon, Jul 06, 2015 at 06:17:34PM +0200, Hanno B??ck wrote:
> However I wonder how practically relevant these issues are and also
> how much focus should be given to them.

Related:

"What is C in practice? (Cerberus survey): Analysis of Responses"
http://www.cl.cam.ac.uk/~pes20/cerberus/notes50-2015-05-24-survey-discussion.html

A productive direction may be for the free software community (or an
even wider community, if possible) to agree on de facto mainstream C
standard, where certain kinds of UB and such would in fact be defined in
specific ways.

There would still remain many kinds of UB and such, but fewer of them
and the easier avoidable ones.

As things currently are, non-trivial programs sort of have to make
certain assumptions beyond what's guaranteed by C standards anyway.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.