CVE-2008-1685 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1685): gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might remove length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks.
Upstream bug: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26763
This is not a GCC bug as many other compilers perform the same exact optimization. This CERT announcement has caused quite a stir on the GCC mailing lists: http://gcc.gnu.org/ml/gcc/2008-04/msg00115.html
Are you sure this is relevant? The bug is clearly fixed in gcc-4.1.2 (which is the stable version), and I'm pretty sure gcc-4.2.3 and gcc-4.3.0 are fixed. If you look at gcc svn, the issue was fixed in svn trunk at rev 112697. gcc-4.2 and gcc-4.3 were branched long after that rev (117923 and 132392 respectively). So unless the bug was later re-introduced ... and if so, that gcc PR is not relevant.
solution: write correct code
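
Added example, not part of the original thread or of GCC: a constructed C sketch of the length test the CVE text describes, next to a bounds check that does not depend on pointer wraparound. The function names and the 16-byte buffer are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example of the idiom in the CVE text: the first test relies on
 * buf + len wrapping below buf. Forming a pointer outside the object is
 * undefined behaviour in C, so a compiler may treat buf + len >= buf as
 * always true and drop that test. */
int fits_wrapping(const char *buf, const char *buf_end, unsigned int len)
{
    if (buf + len < buf)        /* may be optimized away */
        return 0;
    if (buf + len > buf_end)
        return 0;
    return 1;
}

/* Bounds check that never forms an out-of-range pointer: compare the
 * requested length with the space left, using integer arithmetic only. */
int fits_checked(const char *buf, const char *buf_end, size_t len)
{
    if (buf == NULL || buf_end == NULL || buf > buf_end)
        return 0;
    return len <= (size_t)(buf_end - buf);
}

int main(void)
{
    char b[16];   /* constructed sample buffer */

    printf("len=16       -> %d\n", fits_checked(b, b + 16, 16));
    printf("len=17       -> %d\n", fits_checked(b, b + 16, 17));
    printf("len=SIZE_MAX -> %d\n", fits_checked(b, b + 16, (size_t)-1));
    return 0;
}
```

The wrapping form is only called safely with lengths that stay inside the buffer; for larger values its result depends on the compiler and optimization level.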