[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code
Ray Dillinger
bear at sonic.net
Fri Oct 30 01:54:30 EDT 2015
On 10/29/2015 08:58 PM, Peter Gutmann wrote:
> /* gcc spelling is nonnull(1); 'double' is a C keyword, so the function
>    is named doubleInt here */
> __attribute__(( nonnull( 1 ) ))
> int doubleInt( int *ptr )
> {
> if( ptr == NULL )
> return( -1 );
> return( *ptr * 2 );
> }
>
> [...]
> thing = doubleInt( thingPtr );
> [...]
I have never used that annotation in earnest yet, but
I'll give it a guess....
You claimed to be passing it a pointer to an integer,
with an annotation that told it that a null pointer
was an error.
Therefore gcc developers will claim it is entitled to
assume the pointer is Non-Null. (or rather, that the
program has no semantic requirements in the case where
the pointer is non-null).
Therefore I'm guessing it elides the test for null and
its consequent return statement as dead code, then crashes
(if you in fact HAVE called it with a null pointer)
when it tries to dereference the pointer in order to
multiply it by 2.
Am I wrong?
Bear
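Added illustration of the point under discussion (not code from either poster): the annotated function keeps Gutmann's shape so the elision Bear describes can be observed by compiling with gcc at -O2 and inspecting the assembly, and a defensive split is shown beside it in which the runtime check lives in an un-annotated entry point, so the optimizer must keep it. Function names are assumptions; the attribute syntax is gcc's.

```c
#include <stddef.h>
#include <stdio.h>

/* Gutmann's pattern: nonnull tells gcc that ptr is never NULL, so at -O2 the
 * test below may be removed as dead code and the -1 path vanishes. gcc's
 * -Wnonnull-compare (in -Wall) warns about exactly this comparison. */
__attribute__((nonnull(1)))
int double_annotated(const int *ptr)
{
    if (ptr == NULL)
        return -1;          /* may be compiled out because of nonnull */
    return *ptr * 2;
}

/* Defensive split: the exported entry point carries NO nonnull attribute, so
 * its check is a real runtime check the optimizer must keep. It then hands a
 * proven-non-NULL pointer to the annotated worker, where the attribute is an
 * honest contract and -Wnonnull can still flag callers passing a literal NULL.
 * (-fno-delete-null-pointer-checks is the blunt alternative for a whole TU.) */
__attribute__((nonnull(1)))
static int double_unchecked(const int *ptr)
{
    return *ptr * 2;
}

int double_checked(const int *ptr)
{
    if (ptr == NULL)
        return -1;          /* kept: no attribute on this function */
    return double_unchecked(ptr);
}

/* constructed sample input */
int sample_value = 21;

int main(void)
{
    printf("%d\n", double_checked(&sample_value)); /* 42 */
    printf("%d\n", double_checked(NULL));          /* -1 */
    return 0;
}
```

Only the un-annotated `double_checked` is ever called with NULL here; calling `double_annotated(NULL)` is undefined behaviour regardless of whether the check survives.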