There’s some question about whether the fix is sufficient (maybe not) or whether the broken code also exists in earlier versions (looks like it to me). http://marc.info/?l=oss-security&m=136793743415430&w=2
By default, nginx compiles with just -O, so gcc won’t enable -fstrict-overflow, but who knows what options package builders use.
There’s some question about whether the fix is sufficient (maybe not) or whether the broken code also exists in earlier versions (looks like it to me). http://marc.info/?l=oss-security&m=136793743415430&w=2
By default, nginx compiles with just -O, so gcc won’t enable -fstrict-overflow, but who knows what options package builders use.