[fpc-devel] Dangerous optimization in CASE..OF

Mark Morgan Lloyd markMLl.fpc-devel at telemetry.co.uk
Sun Jul 2 10:30:32 CEST 2017


On 01/07/17 22:45, Martok wrote:

> This is fine if (and only if) we can be absolutely sure that the EXPRESSIONRESULT always is between [low(ENUM)..high(ENUM)] - otherwise %eax in the example above may be anywhere up to high(basetype)'th element of the jumptable, loading an address from anything that happens to be located after our jumptable and jumping there. This is, I cannot stress this enough, extremely dangerous! I expect not everyone follows recent security research topics, so just believe me when I say that: if there is any way at all to jump "anywhere", a competent attacker will find a way to make that "anywhere" be malicious code.

Is this made safe by always having an else/otherwise? If so, could the 
compiler at least raise a warning if an enumeration was sparse but there 
was no else/otherwise to catch unexpected cases?

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
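As an added illustration (not part of this thread or of the compiler's own code), the following C model shows the lowering Martok describes: a CASE over a three-member enum becomes an indexed table load, and an ordinal outside low..high selects whatever happens to follow the table unless the range guard that an else branch forces is emitted. The enum, table contents and out-of-range value are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of how CASE..OF over an enum is lowered to a jump
 * table. The legitimate table has one entry per enum member; the entries
 * after it stand in for whatever data happens to sit next in memory. */
enum Colour { Red = 0, Green = 1, Blue = 2 };
#define TABLE_LEN 3

static const char *jump_table[] = {
    "handler_Red",      /* target for Red   */
    "handler_Green",    /* target for Green */
    "handler_Blue",     /* target for Blue  */
    /* Not part of the table: unrelated data that merely follows it. */
    "unrelated_data_0",
    "unrelated_data_1",
};
#define MEMORY_LEN (sizeof jump_table / sizeof jump_table[0])

/* CASE without else: trusts that ord lies within low(Colour)..high(Colour).
 * Any ord >= TABLE_LEN reads past the real table. */
const char *dispatch_unchecked(unsigned ord)
{
    if (ord >= MEMORY_LEN)          /* keep the simulation itself in bounds */
        return "simulation_limit";
    return jump_table[ord];
}

/* CASE with else: the range guard that the else branch makes the compiler
 * emit before the table load. Out-of-range ordinals go to the else code. */
const char *dispatch_checked(unsigned ord)
{
    if (ord >= TABLE_LEN)
        return "else_branch";
    return jump_table[ord];
}

int main(void)
{
    /* Constructed out-of-range ordinal, as might arise from an
     * uninitialised variable or an unchecked typecast such as Colour(4). */
    unsigned bad = 4;
    printf("unchecked: %s\n", dispatch_unchecked(bad));  /* unrelated_data_1 */
    printf("checked:   %s\n", dispatch_checked(bad));    /* else_branch */
    return 0;
}
```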


