From: Adam Beneschan <adam@irvine.com>
Subject: Re: not null
Date: Thu, 5 Mar 2009 08:07:40 -0800 (PST)
Date: 2009-03-05T08:07:40-08:00 [thread overview]
Message-ID: <d911d448-40ae-4e01-8688-1420fdc04e8b@40g2000prx.googlegroups.com> (raw)
In-Reply-To: 49afe0a7$0$31878$9b4e6d93@newsspool3.arcor-online.net
On Mar 5, 6:24 am, Georg Bauhaus <rm.dash-bauh...@futureapps.de>
wrote:
> Adam Beneschan schrieb:
>
>
>
> > On Mar 4, 7:22 am, Georg Bauhaus <rm.dash-bauh...@futureapps.de>
> > wrote:
>
> >> The overall impact of refs not "attached" (to use
> >> an Eiffel term; not null is spreading through languages
> >> it seems; C++, too?) is a financial disaster, with
> >> possibly one exception: there is money in a business
> >> selling software components whose purpose is to guard
> >> the holes kept open by operating system sellers.
>
> >> (Antivirus etc.)
>
> > Is there any basis for this last comment? I've seen lots of reports
> > of vulnerabilities caused by buffer overflows combined with lack of
> > range checking, and by double-deallocation errors (deallocating the
> > same chunk of memory twice and making hash of your heap structures),
> > but I don't recall seeing any caused by null references. Errors
> > involving null references seem a lot more likely just to make programs
> > die unexpectedly, than to allow arbitrary code execution or the like.
>
> You have caught me in an argument over CeBIT discussions
> concerning the security of OSs and server software,
> so I might have been carried away.
>
> OTOH, the very presence of null values seems close
> to the causes of buffer overflow, of accessing/overwriting
> data off bounds, etc. This is simply because NULL
> (similarly, '\0') is thought of as a regular thing,
> for the programmer to handle routinely with any
> sequential piece of data.
On most systems, though, if you try to handle NULL as just with any
other pointer, and dereference it, your program will immediately crash
and burn on an invalid memory reference fault. Yes, I realize this
isn't the case on all platforms. Plus, in C, where pointer arithmetic
is common, you can add something to NULL and try to dereference that,
causing serious problems. So there do seem to be ways that bad use of
a null pointer could cause a program to behave in a way that would
allow a virus to get installed. I just think it's a lot less common.
-- Adam
next prev parent reply other threads:[~2009-03-05 16:07 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-04 14:44 not null Georg Bauhaus
2009-03-04 14:56 ` Hyman Rosen
2009-03-04 15:22 ` Georg Bauhaus
2009-03-04 16:16 ` Adam Beneschan
2009-03-05 14:24 ` Georg Bauhaus
2009-03-05 16:07 ` Adam Beneschan [this message]
2009-03-06 1:07 ` Hibou57 (Yannick Duchêne)
2009-03-04 16:09 ` Adam Beneschan
2009-03-04 20:38 ` Dmitry A. Kazakov
2009-03-05 1:54 ` Adam Beneschan
2009-03-05 8:42 ` Dmitry A. Kazakov
2009-03-05 1:32 ` Brian Drummond
2009-03-05 1:47 ` Adam Beneschan
2009-03-05 11:32 ` Brian Drummond
2009-03-05 15:06 ` Dmitry A. Kazakov
2009-03-05 13:57 ` Georg Bauhaus
2009-03-05 19:53 ` Jack Mitchell
2009-03-05 8:49 ` Jacob Sparre Andersen
2009-03-05 16:10 ` Adam Beneschan
2009-03-05 17:20 ` Jacob Sparre Andersen
2009-03-06 1:04 ` Hibou57 (Yannick Duchêne)
2009-03-06 12:01 ` Harald Korneliussen
2009-03-06 12:43 ` Jacob Sparre Andersen
2009-03-06 13:05 ` Harald Korneliussen
2009-03-06 15:21 ` Dmitry A. Kazakov
2009-03-06 16:59 ` Harald Korneliussen
2009-03-06 17:48 ` Dmitry A. Kazakov
2009-03-06 20:05 ` Georg Bauhaus
2009-03-06 21:31 ` Dmitry A. Kazakov
2009-03-04 16:19 ` Robert A Duff
2009-03-04 20:39 ` Colin Paul Gloster
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox