On Thursday, 27 July 2017 at 17:52:09 UTC, H. S. Teoh wrote:
> On Thu, Jul 27, 2017 at 11:03:02AM -0400, Steven Schveighoffer
> via Digitalmars-d wrote: [...]
> > However, there do exist places where dereferencing null may
> > NOT cause a segmentation fault. For example, see this post by
> > Moritz Maxeiner:
> > https://forum.dlang.org/post/udkdqogtrvanhbotd...@forum.dlang.org
> > In such cases, the compiled program can have no knowledge that
> > the zero page is mapped somehow. There is no way to prevent
> > it, or guarantee it during compilation.
> [...]
> There is one flaw with Moritz's example: if the zero page is
> mapped somehow, that means 0 is potentially a valid address of
> a variable, and therefore checking for null is basically not
> only useless but wrong: a null check of the address of this
> variable will fail, yet the pointer is actually pointing at a
> valid address that just happens to be 0. IOW, if the zero page
> is mapped, we're *already* screwed anyway, might as well just
> give up now.
The point of the example was to show that exploiting the "null
dereferences segfault" assumption on a modern Linux system to
create completely unexpected behaviour (in the case I showed,
fgetc is going to make the process hang -> denial of service with a
hard-to-detect cause) and break any D program's @safe correctness
is almost trivial.
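The scenario both posts are arguing about, as an added C example that is not Moritz's original program and not taken from the thread: map one page at virtual address 0 with mmap(MAP_FIXED), then show that the resulting pointer compares equal to NULL even though it is readable and writable, so a conventional null check rejects perfectly valid memory. On a stock Linux kernel the mapping is refused with EPERM unless vm.mmap_min_addr is lowered to 0 (root) or the process holds CAP_SYS_RAWIO; the code reports that case instead of failing, so it runs on any system. The struct, function and constant names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of the demonstration, returned so a caller can inspect it. */
struct zero_page_result {
    int map_errno;            /* 0 if page 0 was mapped, else errno from mmap */
    int compares_as_null;     /* 1 if the mapped address == NULL */
    int value_read_back;      /* value stored and reloaded through address 0 */
    int null_check_rejected;  /* 1 if a defensive null check refused the pointer */
};

/* The kind of "defensive" load many code bases write: refuse NULL, otherwise
 * dereference. Returns 0 on success, -1 when the pointer looks null. */
static int checked_load(int *p, int *out) {
    if (p == NULL)
        return -1;
    *out = *p;
    return 0;
}

/* Try to map the zero page and exercise a pointer into it. */
struct zero_page_result zero_page_demo(void) {
    struct zero_page_result r = {0, 0, 0, 0};
    long pagesz = sysconf(_SC_PAGESIZE);

    /* MAP_FIXED at address 0: only permitted when vm.mmap_min_addr allows it
     * or the caller has CAP_SYS_RAWIO. Otherwise mmap fails with EPERM. */
    void *page = mmap((void *)0, (size_t)pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (page == MAP_FAILED) {
        r.map_errno = errno;
        return r;
    }

    /* The mapping succeeded, so 'page' is literally address 0. The compiler
     * cannot fold this comparison: the value came from a system call. */
    r.compares_as_null = (page == NULL);

    /* Store and reload through address 0: no segfault, the page is mapped. */
    volatile int *slot = (volatile int *)page;
    *slot = 0x5a5a;
    r.value_read_back = *slot;

    /* The null check now rejects memory that is valid and readable. */
    int tmp = 0;
    r.null_check_rejected = (checked_load((int *)page, &tmp) == -1);

    munmap(page, (size_t)pagesz);
    return r;
}

int main(void) {
    struct zero_page_result r = zero_page_demo();
    if (r.map_errno != 0) {
        printf("mmap at address 0 refused: %s "
               "(try: sysctl -w vm.mmap_min_addr=0 as root)\n",
               strerror(r.map_errno));
        return 0;
    }
    printf("page 0 mapped; pointer == NULL: %d; read back 0x%x; "
           "null check rejected valid pointer: %d\n",
           r.compares_as_null, r.value_read_back, r.null_check_rejected);
    return 0;
}
```

When the mapping is allowed, the output shows the contradiction Teoh describes: the pointer is valid memory, yet every `if (p == NULL)` guard in the program treats it as absent. That is exactly why a language or runtime cannot rely on "null dereferences fault" for safety guarantees unless it also controls whether page 0 can be mapped.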