The Natural Philosopher writes:
> On 23/04/18 14:32, Richard Kettlewell wrote:
>> The Natural Philosopher writes:
>>> On 23/04/18 12:11, Richard Kettlewell wrote:
>>>> CVE-2009-1897 is a famous example. A comparison compiled to _no_
>>>> assembler instructions, due to the context in which it appeared, thereby
>>>> introducing a vulnerability. Merely re-ordering a couple of statements
>>>> would have produced the “expected” assembler, illustrating that the
>>>> relationship between C and assembler is not direct but actually can be
>>>> highly contextual.
>>>
>>> CVE-2009-1897 appears to be 'dereferencing a null pointer'..
>>>
>>> Are we talking about the same thing? - I am genuinely interested, not
>>> trying to just argue..
>>
>> The outcome is a null pointer dereference, which an attacker can
>> leverage to execute arbitrary code with kernel privilege. That much is
>> not exceptional. The interesting bit (in the context of this thread) is
>> that in the source code _there is a check for a null pointer_, which the
>> compiler eliminates as a result of reasoning about the function as a
>> whole.
>
> Right, so the compiler reasons that if dereferencing the pointer
> succeeds and doesn't cause a core dump or other extreme nasty, it
> can't have been a null pointer?
Essentially yes.
> I have to say however that not only is the second piece of code a very
> badly written piece of code, but that I am surprised that compilers
> would allow the second to happen...at least without warning.
Yes, the code as presented (and in the real example) is buggy. But
programmers write bugs all the time...
The original debate in 2009 also included the suggestion of warnings for
cases where the compiler exploits this kind of logic. But this
optimisation (and its many cousins) is legitimate, both in the sense
that it’s permitted by the spec and that it produces smaller and faster
code in the non-buggy cases; in other words there would be many false
positives.
Modern languages usually shrink or eliminate the set of undefined
behavior compared to C, meaning this issue doesn’t arise; but nobody
thinks any of them are ‘portable assembler’ despite the more
comprehensible mapping from source code to semantics l-)
--
https://www.greenend.org.uk/rjk/
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
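A minimal analogue of the pattern the thread discusses, added here as an example; it is not code from the thread nor the kernel driver the CVE concerned, and `struct dev`, `poll_unsafe` and `poll_safe` are constructed names. The first function dereferences before it checks, which lets the compiler treat the check as dead code; the second merely re-orders the two statements.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the object behind the pointer; not the real
 * kernel structure from CVE-2009-1897. */
struct dev {
    int ready;
};

/* Dereference first, check second (the buggy ordering). Reading d->ready
 * when d == NULL is undefined behaviour, so a compiler reasoning about the
 * whole function may assume d != NULL at that point and delete the branch
 * below: in the generated assembler the comparison simply disappears. */
int poll_unsafe(const struct dev *d)
{
    int ready = d->ready;   /* UB if d is NULL */
    if (d == NULL)          /* may be compiled to nothing */
        return -1;
    return ready;
}

/* Check first, dereference second (the intended ordering). The test now
 * dominates the read, so nothing entitles the compiler to assume d is
 * non-null before it has been compared. */
int poll_safe(const struct dev *d)
{
    if (d == NULL)
        return -1;
    return d->ready;
}

/* Helper: exercise both functions on a valid object; returns 1 if both
 * report the stored value. */
int poll_both_on(int ready)
{
    struct dev d = { ready };
    return poll_safe(&d) == ready && poll_unsafe(&d) == ready;
}

int main(void)
{
    struct dev d = { 1 };
    printf("poll_safe(&d)   = %d\n", poll_safe(&d));
    printf("poll_safe(NULL) = %d\n", poll_safe(NULL));
    /* poll_unsafe(NULL) is deliberately not called: it is undefined. */
    return 0;
}
```

Compiling both functions with `gcc -O2 -S` and diffing the output shows the comparison vanish from `poll_unsafe` only; GCC's `-fno-delete-null-pointer-checks` disables this class of optimisation at the cost the post describes.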