> Perhaps another way to look at this issue is that the
> libc library is at fault for dereferencing the NULL
> pointer in printf. There is no need for it to
> dereference the pointer, as it can (and should) check
> for NULL first.

True indeed, but we also have the more general problem: what if the pointer in question is non-NULL, but still bogus (e.g., picked up out of uninitialized garbage)?
One approach to this was taken by IBM, where there is a machine instruction called TPROT (Test Protection). This instruction can be handed a suspicious address and an accessing process. TPROT then sets a flag as to whether or not that reference by that process would core if attempted. TPROT can be used by the kernel to check itself as well.

Years back I added this functionality to some of my UN*X hack-ees, as a syscall. But syscalls are more expensive than single instructions, even if it's a CISC box :().

--Jim

This message posted from opensolaris.org
opensolaris-code mailing list
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
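As an added example (not Jim's syscall and not code from this thread), the same "would this reference fault?" test done from user space on a POSIX system: during write(2) the kernel copies the buffer out of the caller's address space and reports EFAULT rather than faulting the process, which a defensive printf wrapper can use to refuse a NULL or bogus string argument. The pipe-based probe and the names `probe_readable` and `safe_str` are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PROBE_MAX 4096 /* stay well inside a fresh pipe's capacity */

/* User-space stand-in for a TPROT-style check (assumed: POSIX pipes).
 * write(2) makes the kernel copy [p, p+len) out of our address space;
 * a NULL, unmapped or PROT_NONE range surfaces as EFAULT (or a short
 * write) instead of a SIGSEGV. Returns 1 if every byte is readable,
 * 0 if the access would fault, -1 if the probe itself could not run. */
int probe_readable(const void *p, size_t len)
{
    int fds[2];
    if (len > PROBE_MAX || pipe(fds) != 0)
        return -1;
    fcntl(fds[1], F_SETFL, O_NONBLOCK);   /* never block on a full pipe */
    ssize_t n = write(fds[1], p, len);
    int saved = errno;
    close(fds[0]);
    close(fds[1]);
    if (n == (ssize_t)len)
        return 1;                          /* kernel read it all */
    if (n >= 0 || saved == EFAULT)
        return 0;                          /* fault, possibly partway in */
    return -1;
}

/* Guard for a %s argument: returns s when its first byte is readable,
 * otherwise a placeholder. Only one byte is probed, so a string that
 * runs off the end of a mapping is not caught, and the result is a
 * snapshot: another thread could unmap the page right afterwards. */
const char *safe_str(const char *s)
{
    return probe_readable(s, 1) == 1 ? s : "(invalid)";
}

int main(void)
{
    const char *bogus = (const char *)0x10; /* constructed bad pointer */
    printf("good:  %s\n", safe_str("hello"));
    printf("null:  %s\n", safe_str(NULL));
    printf("bogus: %s\n", safe_str(bogus));
    return 0;
}
```

The probe costs two syscalls plus a pipe per call, the same expense Jim notes for a syscall-based TPROT, so it belongs on untrusted inputs and debugging paths rather than on every printf.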
