It is currently Thu, 20 Sep 2018 02:44:21 GMT



 
Author Message
 Linux NULL pointer dereferencing
Hi,

I am currently porting an application from the IBM/AIX platform to
Linux. One major issue is that null-pointer dereferencing *is* allowed
on AIX. In short, the following code is valid on AIX while it
generates a segmentation violation on Linux:

  char* x;
  x = NULL;
  if (*x != NULL) {
    // code here ...
  }

Obviously, in AIX it is allowed to read memory page 0, while in Linux
this is an error. On AIX the construct (*((char*)NULL)) evaluates to
NULL. Unfortunately, there is about 200.000 lines of code and the
programmers that wrote them used this AIX "feature" extensively.

Is there a way to make this code working on Linux? One idea is to
create a memory page 0 (zero) that is readable/writable for a process.
On memory address 0 I can write the value NULL so that *NULL gives
NULL in Linux too. Does anyone know how (if) this can be accomplished?

- Richard.



 Fri, 26 Aug 2005 21:09:25 GMT   
 Linux NULL pointer dereferencing

news:96e2fec9.0303100509.31047861@posting.google.com...

Just out of curiosity (I have no idea how to actually help you with your
problem...), what is the point of trying to dereference NULL ?  It should
only ever happen by mistake - the construct "*((char*)NULL)" should, by all
C standards since the language's conception, be undefined or illegal.  Even
if it happens to give a value (which depends on the memory maps in use), the
reply cannot possibly be legally NULL since NULL is a pointer type, not a
char.  You have to ignore every sort of error checking and every concept of
safe program design and C standards to write a program snippet like this
one.

The correct thing to do, I think, is to change all such lines to "if (x !=
NULL) {" - i.e., remove the *.  This will make it type safe, portable,
legal, and more efficient (even on AIX).  If it is used a lot, then write
some sort of script to find these expressions.



 Fri, 26 Aug 2005 21:56:49 GMT   
 Linux NULL pointer dereferencing

Great :-}

This programming style should be banned forever and the developers hit with
a big, large and very heavy hammer.

I'd suggest you create a script which replaces the if (*x !=NULL) by a "if
(x!=NULL) else if (*x!=NULL)" line (including the appropriate brackets) and
then recompile.

I don't see much sense in the statement above.

Oliver
--
_____________________________________________
Oliver Fels
Feed manager/Coordination
Project OPIE- the Open Palmtop Integrated Environment
http://opie.handhelds.org | http://www.opie.info (german)
IRC: irc.freenode.net #opie #opie.de



 Fri, 26 Aug 2005 21:21:27 GMT   
 Linux NULL pointer dereferencing
In article <96e2fec9.0303100509.31047...@posting.google.com>,

This is more a matter of compilers than of operating systems.
Read the FAQ in comp.lang.c about null pointers.

This code is severely broken.
(Assuming the definition of NULL doesn't hide even more
embarassing details)

For example :

The following is standard conforming portable code in a
reasonable

char y= '\000';
char *x =&y;
if ( *x != NULL ) { /* This code gets skipped */ }

NO NO NO!
In standard conforming language a null pointer is a pointer
that can be generated by statements like
   x = 0
and subsequent tests
   x == 0
give true.
(The actual bit pattern in x may be not 0 , e.g. on a transputer
 x=0; printf("%x\n", (int)x );
 probably prints  80000000
For a NULL pointer dereferencing is ILLEGAL.
So while AIX may allow **NULL there is no "obvious" reason that
any real memory is involved. NULL pointers are idiom, fictive.

This code is not portable.
You have no choice than go through this 200.000 lines of code.
sed is your friend though. This is not as bad as it looks.

Having done quite some maintenance I offer you the following
advice :

Don't try to port this code to Linux, not straight away.

1. Edit the code on IBM, such that all dereferencing of
null pointers disappear.
2. test the code (hopefully there is a regression test,
if not, make one on the spot. Any other approach is wasting
your time.) ON THE IBM.
A useful test is the following. Compare the generated assembler code
before and after the change. If the assembler code is the same (or
equivalent), that is better than any amount of run time testing. It is
quite possible that inspection of the assembler code is very easy and
involves very few cases.
Again sed is your friend.
This is however not a test against specifications, and not useful
for testing on Linux.
3. Make sure that the old code on IBM disappears. In this way
you oblige any old IBM-ers to help testing the new code.
4. Now just happily run the code on any other system.

Don't even try to run that code on any other system, you are
wasting your time big.

So I repeat.

DON'T ALLOW THIS {*filter*}CODE ON YOUR LINUX SYSTEM.
GET THE {*filter*}OUT OF THE SOURCE AND VERIFY THAT IT STILL RUNS
        ON THE IBM.
THEN INSTALL IT ON LINUX.

BE RUDE TO YOUR BOSS IF HE WANTS TO DO OTHERWISE.

There is a carrot too:
Half decent c-code runs unchanged on both systems.
That is very healthy for future maintainenance.

If you really want to waste your time:

        the code of gcc is available.
        You can break the compiler by changing it to be IBM-compatible

--
Groetjes Albert
--
Albert van der Horst,Oranjestr 8,3511 RA UTRECHT,THE NETHERLANDS
Q.: Where is Bin? A.: With his ma. Q.: That makes the Saudi's
terrorists, then?  A.: No, George already owns their oil.
alb...@spenarnc.xs4all.nl     http://www.**-**.com/



 Sat, 24 Sep 2005 20:09:38 GMT   
 Linux NULL pointer dereferencing
Albert van der Horst wrote:

Try this:
    if (x != NULL)  // rather than if (*x != NULL)
This will work universally.



 Mon, 10 Oct 2005 13:22:39 GMT   
 Linux NULL pointer dereferencing
"Grieg Pedersen, Information Systems Engineer"  <grieg-n...@PedersenDigital.com> writes:

You'd better try:

        if (x && (*x != NULL))

It does prevent dereferencing of x, if X is the NULL pointer.

It is not elegant but prevents programs from crashing, that assume
that dereferencing the NULL pointer returns 0.

Of course, it is better to fix the program in question. This fix will
be a win for the original platform, too, so it sould make its way into
the common code part, not into the linux port.

If you do not want to fix the code at all (just get along with NULL
pointer dereferencing), ou could just create memory at adress 0. Look
at the following code (without error checking):

        #include <stdio.h>
        #include <unistd.h>
        #include <sys/mman.h>

        int main(int argc, char *argv[])
        {
          char *x = NULL;
          mmap(0, 512, PROT_READ,MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS,0,0);

          printf("%d\n", *x);
        }

73, Mario
--
Mario Klebsch                                           ma...@klebsch.de
PGP-Key available at http://www.klebsch.de/public.key
Fingerprint DSS: EE7C DBCC D9C8 5DC1 D4DB  1483 30CE 9FB2 A047 9CE0
 Diffie-Hellman: D447 4ED6 8A10 2C65 C5E5  8B98 9464 53FF 9382 F518



 Tue, 11 Oct 2005 04:04:38 GMT   
 Linux NULL pointer dereferencing
On Thu, 24 Apr 2003 22:04:38 +0200, ma...@klebsch.de (Mario Klebsch)
wrote:

But it's not the same test.  You're checking for a pointer not null,
while the original code tests for a non-zero char.  The following will
work universally:

        if( x )
        {
          if( *x != '\0' ) { /* code here */ }
        }

Note that the original comparison of *x to NULL is not valid either,
since NULL is defined as a pointer to void with a value of zero, and
*x is a char, not a pointer.  Most compilers will overlook this and
cast the NULL value to zero.

No it doesn't.  C does not guarantee the order of evaluation of
compound expressions, so the *x != NULL may be the first test.

- Show quoted text -

Best,
Leigh Bassett
Software architect and embedded systems guru.
Registered Linux user #307936


 Wed, 12 Oct 2005 00:24:44 GMT   
 Linux NULL pointer dereferencing

Yes it does, and it always has.  Quoting K&R (1st ed) section
7.11, first paragraph:

  The && operator groups left-to-right.  It returns 1 if both
  its operands are non-zero, 0 otherwise.  Unlike &, &&
  guarantees left-to-right evaluation; moreover the second
  operand is not evaluated if the first operand is 0.

Wrong.

If && didn't short-circuit left-to-right, most of the
existing C programs would break.

--
Grant Edwards                   grante             Yow!  Half a mind is a
                                  at               terrible thing to waste!
                               visi.com            



 Wed, 12 Oct 2005 01:59:29 GMT   
 
   [ 8 post ] 

Similar Threads

1. Linux NULL pointer dereferencing

2. compiler/linker options re dereferencing null/uninitialized pointers

3. Dereferencing NULL pointers in AIX

4. dereferencing NULL pointers in AIX

5. 2.4.16 Fix NULL pointer dereferencing in agpgart_be.c

6. GCC and dereferencing NULL

7. fix NULL dereferencing in dcache.c

8. 2.4.5-ac9 console NULL pointer pointer dereference

9. Dereferencing pointer to incomplete type

10. Dereferencing pointer to incomplete type


 
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software