wasting my time reading bad mailing lists

Jan 11, 2004 07:51

Georgi Guninski (aka the guy who disclosed those OpenBSD kernel bugs, annoying blackhats everywhere) pointed out a gcc bug:

$ gcc --version
2.95.3
$ cat gcc-crash.c
#include <stdio.h>

/* Subscripting a string literal with an index nowhere near its length.
   The program is nonsense, but the point is what it does to the
   compiler: cc1 in gcc 2.95.3 dies with SIGSEGV (signal 11) on it. */
int main(void)
{
    printf("%c", "msux"[0xcafebabe]);
    return 0;
}
$ gcc gcc-crash.c
gcc: Internal compiler error: program cc1 got fatal signal 11
After wallowing through the FUD, someone finally ...


Comments 1

evan January 11 2004, 13:42:07 UTC
I imagine buffer underflows are (for example) indexing arrays by negative offsets. It seems pretty unuseful, though I could imagine a function that took in a buffer from a function lower on the stack might be able to clobber its own return address (but don't look at that too hard, because I don't really know what I'm talking about).

My (C-language-lawyer) prof was just telling me yesterday that the C spec says that the array subscript operator takes an unsigned integer, but I doubt that actually translates to machine code(?).

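The comment above speculates about buffer underflows through negative offsets and about the type the subscript operator takes. The following is an added example, not code from the post or from the commenter, that makes both points concrete in C: a negative subscript is perfectly legal as long as the pointer stays inside the object it was derived from (the subscript may have any integer type, signed or unsigned); an index of -1 relative to a buffer lands in whatever is declared just before it; and a bounds check that compares a signed index only against the upper limit accepts every negative value. The struct name `frame_like`, the helper names and the 4-element table are all invented for the illustration, and the layout assumes the usual ABI with no padding between the two fields.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Negative subscripts are ordinary C: E1[E2] means *((E1)+(E2)) and E2 may
   be any integer type, signed or unsigned. The access is fine as long as the
   resulting pointer stays inside the object the pointer was derived from. */
int negative_subscript_inside_object(void)
{
    int buf[8] = {0, 1, 2, 3, 4, 5, 6, 7};
    int *mid = buf + 4;     /* points at buf[4] */
    int idx = -3;           /* signed index, walks backwards */
    return mid[idx];        /* buf[1] */
}

/* Hypothetical layout (constructed for this example): one word followed by
   a small buffer, standing in for "something sensitive sits at a lower
   address than the buffer". Assumes no padding between the two fields. */
struct frame_like {
    unsigned int saved;     /* whatever is declared just before buf */
    char buf[8];
};

/* An index of -1 relative to buf lands in the last byte of 'saved'. The
   write goes through a char pointer to the whole struct, so it stays inside
   one object and is well defined for this demonstration; the same store
   written as f.buf[-1] is undefined behaviour, which is exactly why
   compilers and sanitizers are entitled to do anything with it. */
int underflow_clobbers_previous_field(void)
{
    struct frame_like f;
    char *base = (char *)&f;
    size_t start_of_buf = offsetof(struct frame_like, buf);

    f.saved = 0x11111111u;
    memset(f.buf, 0, sizeof f.buf);

    base[start_of_buf - 1] = 0x41;      /* the effect of "buf[-1] = 'A'" */

    return f.saved != 0x11111111u;      /* 1: the neighbour was modified */
}

/* The classic broken check: comparing a signed index only against the
   upper bound lets every negative index through. */
int naive_in_bounds(long idx, size_t n)
{
    return idx < (long)n;               /* naive_in_bounds(-1, 8) == 1 */
}

/* Checked accessor: reject negative indices explicitly, then compare the
   non-negative value as an unsigned quantity against the element count. */
int checked_get(const int *arr, size_t n, long idx, int *out)
{
    if (idx < 0 || (size_t)idx >= n)
        return -1;
    *out = arr[idx];
    return 0;
}

/* Convenience wrapper over a constructed 4-element table: returns the
   element, or -1 if the index was rejected. */
int checked_get_demo(long idx)
{
    static const int table[4] = {10, 20, 30, 40};
    int v;
    if (checked_get(table, 4, idx, &v) != 0)
        return -1;
    return v;
}

int main(void)
{
    printf("mid[-3]             = %d\n", negative_subscript_inside_object());
    printf("neighbour clobbered = %d\n", underflow_clobbers_previous_field());
    printf("naive_in_bounds(-1) = %d\n", naive_in_bounds(-1, 8));
    printf("checked_get(-1)     = %d\n", checked_get_demo(-1));
    printf("checked_get(2)      = %d\n", checked_get_demo(2));
    printf("checked_get(4)      = %d\n", checked_get_demo(4));
    return 0;
}
```

The underflow function deliberately routes the out-of-range store through a pointer to the enclosing struct so that the demonstration itself is well defined; a real bug would write `f.buf[-1]` directly, and the fact that this is undefined behaviour is the reason the optimizer (and, in the post above, the compiler's constant folder) can behave in surprising ways when an out-of-bounds subscript is visible at compile time.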

