
Re: Invalid memory reads in first_non_fsm_start_char_cstring (utf_validate.c)

From: Hanno Böck <hanno_at_hboeck.de>
Date: Sun, 3 Jan 2016 15:46:38 +0100

On Sat, 26 Dec 2015 12:08:12 +0100
Branko Čibej <brane_at_apache.org> wrote:

> There's a world of difference between invalid memory and uninitialized
> memory.

Well, yes, they are different things. Invalid memory is memory not
allocated. Uninitialized memory is memory that hasn't been assigned a
value yet. But both are wrong. And in this case it's invalid memory.

Or to make it more specific:

Uninitialized memory:
int a;
int b=a;

Invalid memory:
int a[2]={1,1};
int b=a[2];

> In this case the memory is both valid (i.e., known to be
> allocated within the process) and properly aligned. The fact that it
> may not have been explicitly initialized does not affect the
> correctness of the code; there's no undefined behaviour being invoked
> here. The code relies on the fact that the size of allocated buffers
> is a multiple of the machine word size, which happens to be true for
> the APR pools we use;

What you're arguing here is that you're expecting certain architecture
and compiler specifics. But gcc may decide at any time to break your
assumptions. (In fact things like this really happen, see this example
[1] and this explanation [2]).

[1] https://mta.openssl.org/pipermail/openssl-dev/2015-March/001046.html

Hanno Böck
mail/jabber: hanno_at_hboeck.de
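For comparison with the word-at-a-time scan under discussion, here is an added example (not Subversion's code) of a scanner that tests whole machine words but never reads past the end of the buffer, so it does not depend on the allocator padding buffers to a word multiple; it assumes the scanner's job is to find the first byte with the high bit set (the first byte that cannot start a plain ASCII run), and the function name and constructed inputs are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mask with the high bit of every byte set, built portably for the
   native word size (0x80808080 on 32-bit, 0x8080808080808080 on 64-bit). */
#define HIGH_BITS ((uintptr_t)0x80 * (~(uintptr_t)0 / 0xFF))

/* Return the index of the first byte >= 0x80 in s[0..len), or len if none.
   Every read stays inside [s, s + len): the leading and trailing partial
   words are handled byte by byte, and full words are read only when the
   whole word lies within the buffer. (Hypothetical name, added example.) */
size_t first_high_bit_byte(const char *s, size_t len)
{
    const unsigned char *base = (const unsigned char *)s;
    const unsigned char *p = base;
    const unsigned char *end = base + len;

    /* 1. Byte-wise until p is aligned for a word-sized read. */
    while (p < end && ((uintptr_t)p % sizeof(uintptr_t)) != 0) {
        if (*p & 0x80)
            return (size_t)(p - base);
        p++;
    }

    /* 2. Word-wise while a complete word still fits inside the buffer. */
    while ((size_t)(end - p) >= sizeof(uintptr_t)) {
        uintptr_t w;
        memcpy(&w, p, sizeof w);   /* aligned, in-bounds, initialized bytes */
        if (w & HIGH_BITS)
            break;                 /* some byte in this word is >= 0x80 */
        p += sizeof(uintptr_t);
    }

    /* 3. Byte-wise for the tail, or to pinpoint the byte inside the word
          that stopped the loop above. */
    while (p < end) {
        if (*p & 0x80)
            return (size_t)(p - base);
        p++;
    }
    return len;                    /* buffer is all 7-bit bytes */
}
```

Because the length is explicit, the same function is safe on buffers that are not NUL-terminated and on strings whose allocation ends exactly at the terminator.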

Received on 2016-01-03 15:46:32 CET

This is an archived mail posted to the Subversion Dev mailing list.