On 05/11/2010 18:52, Daniel Gibson wrote:
> Walter Bright schrieb:
>> bearophile wrote:
>>> Walter Bright:
>>>> The $10 billion mistake was C's conversion of arrays to pointers when
>>>> passing to a function.
>>>> http://www.drdobbs.com/blog/archives/2009/12/cs_biggest_mist.html
>>>> Sadly, there's an ongoing failure to recognize this, as it is never
>>>> addressed in any of the revisions to the C or C++ standards,
>>> I agree, that's a very bad problem, probably worse than null-related
>>> bugs.
>> It's infinitely worse. Null pointers do not result in memory
>> corruption, buffer overflows, and security breaches.
> Not entirely true: Null Pointer dereferences *have* been used for
> security breaches, see for example: http://lwn.net/Articles/342330/
> The problem is that one can mmap() to 0/NULL so it can be dereferenced
> without causing a crash.
> Of course this is also a problem of the OS, it shouldn't allow mmap()ing
> to NULL in the first place (it's now forbidden by default on Linux and
> FreeBSD afaik) - but some software (dosemu, wine) doesn't work without it.
> Cheers,
> - Daniel
I think Walter's point remains true: null pointers bugs are an order of
magnitude less important, if not downright insignificant, with regards
to security breaches.
I mean, from my understanding of that article, a NPE bug on its own is
not enough to allow an exploit, but other bugs/exploits need to be
present (in that particular case, a straight flush of them, it seems).
On the other hand, buffer overflow bugs nearly always make an exploit
possible, correct?
--
Bruno Medeiros - Software Engineer
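An added C example (not from anyone in this thread; the function and type names are my own) showing the decay Walter describes: the length written in an array parameter's declaration is discarded inside the callee, so a routine that must stay in bounds has to be handed the length explicitly, here via a constructed slice type that refuses an over-long copy.

```c
#include <stddef.h>
#include <string.h>

/* Inside the function, 'a' is a plain int*, whatever the declaration says:
 * sizeof(a) is sizeof(int *), and the "16" is gone. */
size_t decayed_param_size(int a[16]) {
    (void)a;
    return sizeof(a);           /* == sizeof(int *), not 16 * sizeof(int) */
}

/* At the call site the array still carries its full size. */
size_t array_size_at_call_site(void) {
    int buf[16] = {0};
    return sizeof(buf);         /* == 16 * sizeof(int) */
}

/* Because the callee cannot recover the length on its own, a copy routine
 * in the style of strcpy has to trust the caller and overruns when the
 * source is too long. A hypothetical "fat pointer" that carries the length
 * lets the callee check the bound and refuse instead. */
typedef struct {
    char  *data;
    size_t len;                 /* capacity of data, in bytes */
} slice;

/* Returns 0 on success, -1 if src (plus its NUL) does not fit in dst. */
int copy_checked(slice dst, const char *src) {
    size_t n = strlen(src);
    if (dst.data == NULL || n + 1 > dst.len)
        return -1;              /* would overflow: refuse rather than write */
    memcpy(dst.data, src, n + 1);
    return 0;
}
```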