How a simple bug in ML compiler could be exploited for backdoors? (1811.10851v1)

Abstract: Whenever a bug occurs in a program, software developers assume that the code is flawed, not the compiler. In fact, if compilers should be correct, they are just normal software with their own bugs. Hard to find, errors in them have significant impact, since it could result to vulnerabilities, especially when they silently miscompile a critical application. Using assembly language to write such software is quite common, especially when time constraint is involved in such program. This paper exposes a bug found in Microsoft Macro Assembler (ml for short) compiler, developed by Microsoft since 1981. This assembly has the characteristics to get high level-like constructs and high level-like records which help the developer to write assembly code. It is in the management of one of this level-like construct the bug has been found. This study aims to show how a compiler-bug can be audited and possibly corrected. For application developers, it shows that even old and mature compilers can present bugs. For security researcher, it shows possibilities to hide some unexpected behavior in software with a clear and officially non-bogus code. It highlights opportunities for including stealth backdoors even in open-source software.