On 5/16/22 07:33, Michael Catanzaro wrote:
On Mon, May 16 2022 at 07:23:20 AM -0700, John Reiser <jrei...@bitwagon.com>
wrote:
Zero is the worst possible auto-int value. It will hide the most bugs.
That's true, but using zero also converts code execution vulnerabilities into
denial of service vulnerabilities. Dereference a NULL pointer and you get a
non-exploitable crash. Dereference 0x81818181 and you have a much more serious
problem at predictable location.
The goal of this change is to mitigate security bugs, and using a nonzero value
does not accomplish that goal.
Today on x86_64 Linux does not allow 0x8181...81 to be mapped in a user process
(except for i686 software running under x86_64 kernel, which may be prevented
via configuration choice), so the addressing fault for 0x8181...81 is just as
fatal
as for zero. SIGSEGV is generated in both cases, and handled independent
of address value.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
