@safe and null dereferencing
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Thu Jul 27 12:46:45 PDT 2017
On Thursday, 27 July 2017 at 17:52:09 UTC, H. S. Teoh wrote:
> On Thu, Jul 27, 2017 at 11:03:02AM -0400, Steven Schveighoffer
> via Digitalmars-d wrote: [...]
>> However, there do exist places where dereferencing null may
>> NOT cause a segmentation fault. For example, see this post by
>> Moritz Maxeiner:
>> https://forum.dlang.org/post/udkdqogtrvanhbotdoik@forum.dlang.org
>>
>> In such cases, the compiled program can have no knowledge that
>> the zero page is mapped somehow. There is no way to prevent
>> it, or guarantee it during compilation.
> [...]
>
> There is one flaw with Moritz's example: if the zero page is
> mapped somehow, that means 0 is potentially a valid address of
> a variable, and therefore checking for null is basically not
> only useless but wrong: a null check of the address of this
> variable will fail, yet the pointer is actually pointing at a
> valid address that just happens to be 0. IOW, if the zero page
> is mapped, we're *already* screwed anyway, might as well just
> give up now.
The point of the example was to show that exploiting the "null
dereferences segfault" assumption on a modern Linux system to
create completely unexpected behaviour (in the case I showed
fgetc is going to make the process hang -> denial of service with
hard to detect cause) and break any D program's @safe correctness
is almost trivial.
More information about the Digitalmars-d
mailing list