Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: James Kuyper Newsgroups: comp.lang.c Subject: Re: A Famous Security Bug Date: Sat, 23 Mar 2024 12:51:58 -0400 Organization: A noiseless patient Spider Lines: 19 Message-ID: References: <20240320114218.151@kylheku.com> <20240321092738.111@kylheku.com> <87a5mr1ffp.fsf@nosuchdomain.example.com> <20240322083648.539@kylheku.com> <87le6az0s8.fsf@nosuchdomain.example.com> <20240322094449.555@kylheku.com> <87cyrmyvnv.fsf@nosuchdomain.example.com> <20240322123323.805@kylheku.com> <20240323090700.848@kylheku.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Injection-Date: Sun, 24 Mar 2024 00:45:20 -0000 (UTC) Injection-Info: dont-email.me; posting-host="811208a30f52470ed826a66a2c4763ae"; logging-data="4161940"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+pV6LNYwMnMh13vKZxsSpE3g7a8dvKwCA=" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:2kEN3A4wMHouDUdcfGsAoYfi0CA= In-Reply-To: <20240323090700.848@kylheku.com> Content-Language: en-US Bytes: 2421 On 3/23/24 12:07, Kaz Kylheku wrote: > On 2024-03-23, David Brown wrote: .... >> That is true - /if/ you make the restriction that the translation unit >> is complied completely to linkable machine code or assembly, and that it >> is not changed in any way when it is combined into the new program. >> Such a setup is common in practice, but it is in no way required by the >> C standards and does not apply for more advanced compilation and build >> scenarios. > > Well, it's only not required if you hand-wave away the sentences in > section 5. Or, you could read the whole of section 5. 5.1.2.3p6 makes it clear that all of the other requirements of the standard apply only insofar as the observable behavior of the program is concerned. Any method of achieving observable behavior that matches the behavior that would be permitted if the abstract semantics were followed, is permitted, even if the actual semantics producing that behavior are quite different from those specified.