On Tue, Oct 4, 2016 at 11:43 AM, Matt Gingell <ging...@google.com> wrote:
> Hi Richard,
>
> Thanks for your analysis.
>
> This patch is intended to mitigate use-after-free bugs. In that context a
> “define strict behavior for invalid pointer values” we could deploy in
> production code would be very useful. Maybe calling this a sanitizer is
> misleading, and instead it could be presented as “change implementation
> defined behavior to be less convenient but more security friendly.”

OK, but you still need to address points #1-#3 of my email, which show things that go wrong with this patch if you interpret it in that way. Point #3 seems especially problematic. You can't store through the pointer before the destructor runs, because the destructor is permitted to look at the pointer, and you can't store through the pointer *after* the destructor runs, because the destructor might have (say) deallocated the memory containing the pointer.
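The two failure orders in point #3 above, as an added stand-alone C++ illustration that is not the patch under review and not code from either author. The "before" case models the poison value as nullptr and uses a destructor that only compares its pointer member, so the breakage shows up as a stale registry entry rather than a crash; the "after" case places an object inside a block that its own destructor frees and uses a constructed tracking allocator so the dangling store is detected instead of performed. Every name here (Tracker, Handle, SelfHosted, and the helper functions) is an assumption made up for this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>
#include <set>

// Tracking allocator (constructed for this example) so a store into freed
// memory can be detected rather than executed.
struct Tracker {
  std::set<void*> live;
  void* alloc(std::size_t n) { void* p = std::malloc(n); live.insert(p); return p; }
  void release(void* p) { live.erase(p); std::free(p); }
  bool is_live(void* p) const { return live.count(p) != 0; }
};
static Tracker g_tracker;

// "Before" case: the destructor is allowed to look at the pointer value.
struct Tracked {};
static std::set<Tracked*> g_registry;
struct Handle {
  Tracked* target;
  explicit Handle(Tracked* t) : target(t) { g_registry.insert(t); }
  ~Handle() { g_registry.erase(target); }  // compares the stored pointer
};

// Ends a Handle's lifetime, optionally overwriting its pointer member with a
// poison value (modelled as nullptr) just before the destructor runs, and
// returns how many registry entries were left behind.
std::size_t registry_entries_left(bool poison_before_destructor) {
  g_registry.clear();
  Tracked t;
  {
    Handle h(&t);
    if (poison_before_destructor) h.target = nullptr;  // the "store before"
  }  // ~Handle runs here; with the poisoned value it erases nothing
  std::size_t left = g_registry.size();
  g_registry.clear();  // do not keep a pointer to the dead local around
  return left;
}

// "After" case: the object lives inside a block that its own destructor
// frees, so its pointer member has no live storage once the destructor ran.
struct SelfHosted {
  void* block;   // the allocation that contains *this
  int* payload;  // the pointer member a mitigation would want to poison
  ~SelfHosted() { g_tracker.release(block); }
};

SelfHosted* make_self_hosted() {
  void* block = g_tracker.alloc(sizeof(SelfHosted));
  SelfHosted* s = new (block) SelfHosted;
  s->block = block;
  s->payload = nullptr;
  return s;
}

// Runs the destructor and reports whether the storage that held `payload`
// is still live, i.e. whether a poison store after destruction would be safe.
bool poison_after_destructor_is_safe() {
  SelfHosted* s = make_self_hosted();
  void* block = s->block;
  s->~SelfHosted();                 // frees `block`, including payload's bytes
  return g_tracker.is_live(block);  // false: the store would hit freed memory
}

int main() {
  std::printf("entries left, normal: %zu\n", registry_entries_left(false));
  std::printf("entries left, poisoned first: %zu\n", registry_entries_left(true));
  std::printf("poison after destructor safe: %s\n",
              poison_after_destructor_is_safe() ? "yes" : "no");
  return 0;
}
```

The first function returns 0 in the normal order and 1 when the pointer is poisoned before the destructor, the observable consequence of the destructor no longer seeing the real value; the second returns false, because the bytes the mitigation would write to belong to a block the destructor has already released.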
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits