
How your compiler may be compromising application security



zombie67
12-17-13, 06:11 PM
http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising-application-security


Four researchers in MIT’s Computer Science and Artificial Intelligence Laboratory, in a paper which is to be presented next week at the ACM Symposium on Operating Systems Principles, looked at the problem of optimization-unstable code, which is code that gets removed by a compiler because it includes undefined behavior. Undefined behavior is code which can behave unpredictably, such as dividing by zero, null pointer dereferencing and buffer overflows. Unlike other code, compiler writers are free to deal with undefined behavior however they wish. In some cases, they choose to eliminate it completely, which can lead to vulnerabilities if the code in question contains security checks.

http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf
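
Added example (not part of the original post or the linked article): a bounds check of the kind the quoted article calls optimization-unstable, next to a stable rewrite. It uses signed integer overflow, which is also undefined behavior in C; the function names and the 64-byte buffer size are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/* Optimization-unstable check (hypothetical function name).
 * The guard "offset + len < offset" is meant to catch overflow, but signed
 * overflow is undefined behavior in C, so the compiler may assume it never
 * happens, treat the guard as always false, and remove it. */
int range_ok_unstable(int offset, int len, int buf_size)
{
    if (offset < 0 || len < 0)
        return 0;
    if (offset + len < offset)          /* may be deleted by the optimizer */
        return 0;
    return offset + len <= buf_size;
}

/* Stable form: same intent, but no expression can overflow, so there is
 * nothing undefined for the optimizer to reason away. */
int range_ok_stable(int offset, int len, int buf_size)
{
    if (offset < 0 || len < 0 || buf_size < 0)
        return 0;
    if (offset > buf_size)
        return 0;
    return len <= buf_size - offset;    /* buf_size - offset is in [0, buf_size] */
}

int main(void)
{
    /* Constructed inputs: a 64-byte buffer and an overflowing request. */
    int size = 64, off = 16, huge = INT_MAX;

    printf("in-bounds:  unstable=%d stable=%d\n",
           range_ok_unstable(off, 32, size), range_ok_stable(off, 32, size));
    /* The unstable result here depends on compiler and optimization level. */
    printf("overflow:   unstable=%d stable=%d\n",
           range_ok_unstable(off, huge, size), range_ok_stable(off, huge, size));
    return 0;
}
```

Building this once without optimization and once with it, then comparing the "overflow" line, shows whether a given compiler keeps the unstable guard.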