[llvm-dev] Overlapping memcpy
Mehdi Amini via llvm-dev
llvm-dev at lists.llvm.org
Mon Dec 7 23:28:58 PST 2015
> On Dec 7, 2015, at 10:28 PM, Maciej Adamczyk via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>> The lack of such error checking is one of the big reasons that libraries like
>> libjpeg, libpng, and so on have been a huge source of vulnerabilities in web
>> browsers for the last couple of decades. It sounds like your friend has
>> already added a security hole to his library, please discourage him from
>> adding any more.
> So far he has turned to memmove. He surely doesn't want the code working incorrectly and with unknowns he decided to play it safe. But we (me especially) wonder if it really is an issue as we fail to find anything that compiler or stdlib could exploit to make the code misbehave (as corrupting the buffer is OK in this case).
I think that other than corrupting the buffer, the compiler could deduce aliasing property on the pointers you supply to memcpy and exploit this information on the code surrounding the call to memcpy, leading to more unexpected behavior than just the memcpy corruption..
> Maciej Adamczyk
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
More information about the llvm-dev