[Info-vax] VMS and the embedded world, was: Re: PowerX Roadmap - Extended beyond 2020
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Oct 25 09:22:32 EDT 2016
On 2016-10-24, Bill Gunshannon <bill.gunshannon at gmail.com> wrote:
> On 10/24/16 4:13 PM, Simon Clubley wrote:
>>
>> I would hope that this company gave _very_ careful attention to the
>> _exact_ instructions used in the MACRO-32 source when generating the
>> C code to make sure that unsigned data really did get treated as
>> unsigned data.
>>
>> Otherwise that could have been a wonderful source of security
>> vulnerabilities.
>
> I don't see the security vulnerability (but then, I can't see the actual
> code) but I can see where the results would frequently (if not always)
> be just plain wrong.
>
It belongs to the class of vulnerabilities known as signed integer
overflow vulnerabilities.

Since this is unsigned data in a signed integer, then most of the time
things would be absolutely fine. It's when the numbers get big enough
to go negative in a signed integer that things get very interesting
and potentially very dangerous.

Some background reading:

https://cwe.mitre.org/data/definitions/190.html

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
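
The failure mode described in the post above, as an added example that is not part of the original message or of any translated code it refers to: a 16-bit unsigned length word held in a signed variable passes an upper-bound check once its top bit is set. The function names, the 16-bit width and BUF_MAX are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 512  /* constructed destination size for this example */

/* Translation that lost unsignedness: the 16-bit length word lands in a
 * signed variable. Out-of-range conversion is implementation-defined before
 * C23; on two's complement compilers such as gcc and clang it wraps. */
int accepts_signed(uint16_t raw_len) {
    int16_t len = (int16_t)raw_len;
    return len <= BUF_MAX;          /* 0xFFF0 is seen as -16 and passes */
}

/* Same check with the length kept unsigned, as the original code meant. */
int accepts_unsigned(uint16_t raw_len) {
    return raw_len <= BUF_MAX;
}

/* Byte count a later memcpy() would receive from the signed variable. */
size_t size_from_signed(uint16_t raw_len) {
    int16_t len = (int16_t)raw_len;
    return (size_t)len;             /* -16 becomes SIZE_MAX - 15 */
}

/* Hardened copy: unsigned length, bounded against the real buffer size. */
int copy_record(uint8_t *dst, size_t dst_size,
                const uint8_t *src, uint16_t raw_len) {
    if ((size_t)raw_len > dst_size)
        return -1;                  /* reject instead of copying */
    memcpy(dst, src, raw_len);
    return 0;
}

int main(void) {
    /* Constructed length values: one small, two with the top bit set. */
    const uint16_t samples[] = { 100, 0x8000, 0xFFF0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=0x%04X signed check: %d unsigned check: %d\n",
               (unsigned)samples[i], accepts_signed(samples[i]),
               accepts_unsigned(samples[i]));
    return 0;
}
```

Building translated code with -Wsign-conversion and -Wsign-compare (gcc and clang) flags many of the places where a value crosses between signed and unsigned types.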