SoylentNews is people
SoylentNews
from the hubble,-bubble,-bits-cause-trouble dept.
Adrian Colyer presents a whitepaper by Wressnegger et al. on bugs caused by 32 to 64 bit transition. The paper deals specifically with going from the ILP32 data model used by Win32 and Linux, to the LLP64 (Win64) and LP64 (Linux) data models.
They did also find genuine vulnerabilities among those issues, in every single area the theory predicted they might exist. These include vulnerabilities in high profile projects such as Google's Chromium, the GNU C Library, the Linux Kernel, and the Boost C++ Libraries. The paper contains case studies in each of these areas.
Lots of people have studied integer-based flaws, but this is the first work to consider those introduced solely from the migration to 64-bit. Another thing to add to the ever-growing worry list!
I think if somebody is being careless this might sound unintuitive. Also it's always nice to see real life results that corroborate theory.
(Score: 0) by Anonymous Coward on Monday November 21 2016, @03:49PM
is what DIFFERENT security vulnerabilities show up if the same code is compiled for the x32 ABI instead of amd64 or x86? Since the pointers would be 32 bit but the integers 64 bit, it seems like there are lots of similiar cornercases which could show up due to the differences in type handling for that abi.