Re: Secure Dereference of NULL-Pointer when using list.h
On 10/4/06, Hendrik Post <hendrik@xxxxxxxxxxxx> wrote:
> Hi Ricard,
> Thank you for your answer. My problem was my incorrect (?) understanding
> of "s->foo". I thought it was equivalent to "(*s).foo" rather than a
> direct offset calculation.
They are equivalent. The rule is simple: no value is read unless a
read operation is performed. Also, no value is written unless a write
operation is performed. When you write
a = b;
a read operation is required on 'b', and a write on 'a'. But when you say
a; // no operation is specified here
or
; // an empty statement
neither a read nor a write is requested by us. The compiler will
thus silently ignore such a statement, since we have not asked for any
particular operation over 'a'. A read or write operation has two
steps:
Step 1: Get the address of the variable upon which to operate
Step 2: Read/Write to that address
Now, when you write
a = &b;
both the above steps are performed over 'a' whereas only step 1 is
performed over 'b'. It's because we've not asked the compiler to do
that. Therefore when you say
a = &(s->foo);
the possible steps are:
Step 1: Get the address of s
Step 2: Read the value (address) contained in s
Step 3: Get the address of member foo inside s
Step 4: Read the value of foo
Step 4 is not performed because we've already obtained our required
result in Step 3 or in other words - we've not asked the compiler to
read the value of foo; only the address of it.
I think I've explained too much,
Best of Luck,
Jinesh.
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
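The point made above (taking the address of a member needs only the value of s plus a constant offset, never the contents of *s) is exactly what list.h's container_of / list_entry relies on. The following is an added example, not code from the mailing-list thread or from list.h itself: a minimal intrusive list with a constructed struct item, using the portable offsetof() form rather than the historic &((type *)0)->member idiom.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal list.h-style intrusive list (constructed for this example). */
struct list_head { struct list_head *next, *prev; };

/* Recover the enclosing struct from a pointer to its embedded member.
 * Only the pointer value and a compile-time offset are used; nothing
 * at *ptr is read. offsetof() is the portable form of the historic
 * &((type *)0)->member idiom, which is undefined behaviour in ISO C. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)

struct item { int value; struct list_head node; };

/* Address-of-member needs only the value of s, not the contents of *s:
 * the result is s plus a constant offset (Steps 1-3 in the mail). */
uintptr_t member_addr(struct item *s) { return (uintptr_t)&(s->node); }

int member_offset_matches(struct item *s) {
    return member_addr(s) == (uintptr_t)s + offsetof(struct item, node);
}

/* Round trip: member address -> enclosing struct, via list_entry. */
int roundtrip_ok(void) {
    struct item t = {7, {0, 0}};
    return list_entry(&t.node, struct item, node) == &t
        && member_offset_matches(&t);
}

/* Build a 3-element circular list and sum the values by walking it
 * and recovering each struct item via list_entry. */
int sum_list(void) {
    struct item a = {1, {0, 0}}, b = {2, {0, 0}}, c = {3, {0, 0}};
    struct list_head head;
    head.next = &a.node; a.node.next = &b.node;
    b.node.next = &c.node; c.node.next = &head;
    head.prev = &c.node; c.node.prev = &b.node;
    b.node.prev = &a.node; a.node.prev = &head;
    int sum = 0;
    for (struct list_head *p = head.next; p != &head; p = p->next)
        sum += list_entry(p, struct item, node)->value;
    return sum;
}

int main(void) {
    printf("roundtrip=%d sum=%d\n", roundtrip_ok(), sum_list());
    return 0;
}
```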