git.vger.kernel.org archive mirror
From: Simon 'corecode' Schubert <corecode@fs.ei.tum.de>
To: Wincent Colaiuta <win@wincent.com>
Cc: Reece Dunn <msclrhd@googlemail.com>, Timo Sirainen <tss@iki.fi>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	git@vger.kernel.org
Subject: Re: Buffer overflows
Date: Fri, 31 Aug 2007 14:48:57 +0200
Message-ID: <46D80E39.8060106@fs.ei.tum.de>
In-Reply-To: <BD9F3FD0-94EF-4182-A03B-B26B18544894@wincent.com>

Wincent Colaiuta wrote:
>> As an example, do your safe API do null pointer checks. This is
>> because strcpy, strlen and the like don't, which is one of the reasons
>> why they are considered unsafe. But then, if you guarantee that you
>> are not passing a null pointer to one of these API, why take the hit
>> of the additional checks when you know that these are safe.
> Do you really think that comparing a pointer to NULL is going to be a 
> speed hit? I would imagine that on most architectures it boils down to 
> one or two machine code instructions.

The question rather is, why should you bother comparing to a NULL pointer?  To return an error (EINVAL?)?  I'd rather have either a) the caller check or b) the process segfault.  A segfault gives me a nice core file which I can use to hunt the bug.

I also don't see why not checking for NULL pointers is unsafe.  Okay, maybe there are platforms out there which do not crash on a NULL pointer dereference, but I doubt these are consumers of git.  All other platforms are safe by the implicit check of the MMU.

The worst thing is something like

if (ptr == NULL)
	abort();

which only adds code (and thus needs maintenance), but no value whatsoever.  Either the following code tolerates NULL pointers or it will crash and segfault, so why bother panicking before.

Of course I might be totally off track...

cheers
  simon
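The two policies argued over above, side by side, as an added illustration that is not git code and is not from any participant in the thread: a bounded string copy once with the defensive NULL check that returns EINVAL, and once written to the caller's contract so that a NULL argument faults at the first dereference. The function names and the choice of errno values are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/*
 * Constructed example: the same bounded copy under the two NULL-handling
 * policies discussed in the thread.
 *
 * Policy A (copy_checked): validate arguments and report EINVAL, so a
 *           caller can handle a bad argument without the process dying.
 * Policy B (copy_trusting): assume the caller's contract and let an
 *           invalid pointer fault, giving a segfault and a core file.
 *
 * Both variants check the destination bound, which is the part that
 * actually prevents a buffer overflow from attacker-controlled input;
 * the NULL check is a separate question about programming errors.
 */

/* Policy A: defensive.  Returns 0 on success or an errno value.
 * On ERANGE the destination is left as an empty string (when it has
 * room) rather than a truncated, possibly unterminated buffer. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
	size_t len;

	if (dst == NULL || src == NULL)
		return EINVAL;
	if (dst_size == 0)
		return ERANGE;
	len = strlen(src);
	if (len >= dst_size) {
		dst[0] = '\0';
		return ERANGE;
	}
	memcpy(dst, src, len + 1);	/* includes the terminating NUL */
	return 0;
}

/* Policy B: contract-based.  Precondition: dst and src are valid
 * pointers.  Only the bound is checked, since that is what untrusted
 * input controls; a NULL argument is a bug on the caller's side and
 * the MMU turns it into a crash at the first dereference. */
int copy_trusting(char *dst, size_t dst_size, const char *src)
{
	size_t len = strlen(src);	/* faults here if src is NULL */

	if (len >= dst_size)
		return ERANGE;
	memcpy(dst, src, len + 1);	/* faults here if dst is NULL */
	return 0;
}
```

Whichever policy a code base picks, the bound check is the one that must never be skipped; the NULL check only changes whether a caller's bug surfaces as an error code or as a core file.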

Thread overview: 26+ messages
2007-08-30 19:26 Buffer overflows Timo Sirainen
2007-08-30 20:26 ` Lukas Sandström
2007-08-30 20:46 ` Linus Torvalds
2007-08-30 21:08   ` Timo Sirainen
2007-08-30 21:35     ` Reece Dunn
2007-08-30 21:51       ` Timo Sirainen
2007-08-30 22:34         ` Reece Dunn
2007-08-31 10:52           ` Wincent Colaiuta
2007-08-31 12:48             ` Simon 'corecode' Schubert [this message]
2007-08-30 22:14       ` Junio C Hamano
2007-08-30 22:36         ` Pierre Habouzit
2007-08-30 22:41         ` Timo Sirainen
2007-09-02 13:42         ` Johan Herland
2007-09-02 15:11           ` Reece Dunn
2007-09-02 15:19             ` David Kastrup
2007-09-02 15:35               ` Reece Dunn
2007-09-03  0:19               ` Jakub Narebski
2007-09-03  0:31                 ` Junio C Hamano
2007-09-02 17:17           ` René Scharfe
2007-09-02 17:39             ` Lukas Sandström
2007-08-31  4:09     ` Linus Torvalds
2007-08-31  5:00       ` Timo Sirainen
2007-08-31  9:53         ` Andreas Ericsson
2007-08-31 10:06         ` Johannes Schindelin
2007-08-30 21:48 ` [PATCH] Temporary fix for stack smashing in mailinfo Alex Riesen
2007-08-30 22:53   ` Junio C Hamano