This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] string: Add tests for zero length string inputs
- From: Rich Felker <dalias at libc dot org>
- To: Richard Earnshaw <rearnsha at arm dot com>
- Cc: Paul Eggert <eggert at cs dot ucla dot edu>, Will Newton <will dot newton at linaro dot org>, "Ondr(ej BÃlka" <neleai at seznam dot cz>, libc-alpha <libc-alpha at sourceware dot org>
- Date: Tue, 23 Sep 2014 11:06:19 -0400
- Subject: Re: [PATCH] string: Add tests for zero length string inputs
- Authentication-results: sourceware.org; auth=none
- References: <1410910830-20900-1-git-send-email-will dot newton at linaro dot org> <20140919112302 dot GA2912 at domone> <CANu=Dmgn75GZU8my6fcCp1AyJRw8jEJVhaGTD+5mjOrXB_ENGw at mail dot gmail dot com> <542049A4 dot 1070409 at arm dot com> <54206104 dot 7020607 at cs dot ucla dot edu> <54216D4B dot 30505 at arm dot com> <54217C61 dot 8080603 at cs dot ucla dot edu> <54218A93 dot 5000204 at arm dot com>
On Tue, Sep 23, 2014 at 03:58:27PM +0100, Richard Earnshaw wrote:
> On 23/09/14 14:57, Paul Eggert wrote:
> > Richard Earnshaw wrote:
> >
> >> if src+1 can point outside of the address space of the program
> >
> > As Andreas points out, src+1 does not point outside the address space of
> > the program. It is a valid pointer.
> >
>
> OK, so do we agree that for a valid pointer P, if P is *not*
> dereferencable, then P-1 must be? Put another way, if P and P-1 are in
> the same 'page' then it is safe to dereference them.
Nope.
struct foo {
char a;
int b[];
}
struct foo *bar = malloc(sizeof *bar);
int *p = (int *)((unsigned char *)bar + offsetof(struct foo, b));
Now neither p nor p-1 is dereferencable, but p is a valid pointer (to
a byte within the representation array of *bar, cast to int*).
Note that the reason I used a flexible array member was to get an
offset that's valid for an object of type int (so that the cast to
int* isn't an alignment violation) but where no object actually
exists.
Rich