[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure Dereference of NULL-Pointer when using list.h

To: "Hendrik Post" <hendrik@xxxxxxxxxxxx>
Subject: Re: Secure Dereference of NULL-Pointer when using list.h
From: "Anupam Kapoor" <anupam.kapoor@xxxxxxxxx>
Date: Wed, 4 Oct 2006 15:24:04 +0530
Cc: kernelnewbies@xxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RUOx1Q710knQ4cNN4/bNxLdMQbW1XVaaC/dAmqIP4eQYCWjsKReF0FIjpQFQt7blIDviLMgXB+YWldtoXMGiAct+Azk0DKnxJvhQ2E/jVOBfs2ibDxdHx8t7CdMLnEU25Z3dFPBQRP17GwgGz85vXUuIlDg6ER4jbgY0AjtpsF0=
In-reply-to: <45237C3C.2010602@hangschaf.de>
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <kernelnewbies.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
References: <45237C3C.2010602@hangschaf.de>
Sender: kernelnewbies-bounce@xxxxxxxxxxxx

GCC translates the expression into the offset of the field port_list as
intended, but doing this involves dereferencing a NULL-pointer
(evaluates to 0). The expression can only be correct if one assumes that
the dereference will be optimized away - why is it safe to assume that?

this is similar to the offsetof(...) macro (stddef.h). but basically
it (the offsetof macro at-least) works like this [consider a shorter
sample  "& ((S *0) ->foo) )"]:

1. (( S *)0) :       takes the integer zero and casts it as a pointer to S.
2. ((S *)0)->foo: dereferences that pointer to point to structure member foo.
3. &(((S *)0)->foo):  computes the address of foo

does that make any sense ?

kind regards
anupam
--
In the beginning was the lambda, and the lambda was with Emacs, and
Emacs was the lambda.

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

References:
- Secure Dereference of NULL-Pointer when using list.h
  - From: Hendrik Post

Prev by Date: Re: Secure Dereference of NULL-Pointer when using list.h
Next by Date: Help regarding the socket tos
Previous by thread: Re: Secure Dereference of NULL-Pointer when using list.h
Next by thread: Help regarding the socket tos
Index(es):
- Date
- Thread