When Correct Code Breaks: How Compilers Exploit Undefined Behavior

In 2009, a vulnerability was discovered in the Linux kernel that allowed privilege escalation. The code looked perfectly reasonable—a null pointer check designed to prevent crashes. But when compiled with optimization enabled, the check simply vanished. The compiler had every right to delete it. The code contained undefined behavior, and undefined behavior means the compiler can do whatever it wants. This wasn’t a compiler bug. It was the compiler doing exactly what the C standard allows it to do. Understanding this distinction is crucial for anyone writing systems code in C or C++. ...
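An added illustration of the pattern the paragraph describes (constructed for this page, not the kernel's code and not from the original article): the field read precedes the NULL test, so reaching the test implies the pointer was non-NULL and the compiler may treat the check as dead; the hardened form tests before any dereference. `struct device`, `poll_unsafe`, `poll_safe` and `sample_dev` are made-up names.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a driver's per-device state. */
struct device {
    int flags;
    int ready;
};

/* Pattern the optimizer is entitled to exploit: dev is dereferenced before it
 * is compared against NULL. Since a NULL dereference is undefined behavior,
 * the compiler may assume dev != NULL on every path that reaches the check and
 * delete the check as unreachable. With dev == NULL this function has no
 * defined result at all, so nothing here (or in a test) can rely on it. */
int poll_unsafe(const struct device *dev)
{
    int flags = dev->flags;      /* dereference first: UB if dev == NULL */
    if (dev == NULL)             /* dead under the compiler's UB assumption */
        return -1;
    return flags & 1;
}

/* Hardened form: the NULL test happens before any dereference, so no undefined
 * behavior is reachable and the check cannot be optimized away. Build-level
 * mitigations for code that cannot be restructured: GCC's
 * -fno-delete-null-pointer-checks, and -fsanitize=null (UBSan) in testing. */
int poll_safe(const struct device *dev)
{
    if (dev == NULL)
        return -1;
    return dev->flags & 1;
}

/* Constructed sample input so the block runs stand-alone. */
static const struct device sample_dev = { .flags = 3, .ready = 1 };

int main(void)
{
    printf("poll_safe(&sample_dev) = %d\n", poll_safe(&sample_dev));  /* 1 */
    printf("poll_safe(NULL)        = %d\n", poll_safe(NULL));         /* -1 */
    return 0;
}
```

Only the safe variant is exercised with a NULL argument; calling `poll_unsafe(NULL)` has no defined outcome, which is exactly the point.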
