On 23/04/18 12:11, Richard Kettlewell wrote:
> CVE-2009-1897 is a famous example. A comparison compiled to_no_
> assembler instructions, due to the context in which it appeared, thereby
> introducing a vulnerability. Merely re-ordering a couple of statements
> would have produced the “expected” assembler, illustrating that the
> relationship between C and assembler is not direct but actually can be
> highly contextual.


CVE-2009-1897 appears to be 'derefencing a null pointer'..

Are we talking about the same thing? - I am genuinely interested, not
trying to just argue..

I think anyone who codes should be aware of the vulnerability of a
language - as I discovered in Javascript when Microsofts browser
interpreted a variable as a string while mozillas did, as a number.



--
Of what good are dead warriors? … Warriors are those who desire battle
more than peace. Those who seek battle despite peace. Those who thump
their spears on the ground and talk of honor. Those who leap high the
battle dance and dream of glory … The good of dead warriors, Mother, is
that they are dead.
Sheri S Tepper: The Awakeners.

--- SoupGate-Win32 v1.05