[Novalug] "NULL pointer dereference" bug
Paul W. Frields
stickster at gmail.com
Sat Jul 18 12:32:17 EDT 2009
On Sat, Jul 18, 2009 at 07:45:26AM -0400, Ed James wrote:
> Paul,
>
> Normally, yes, either by oversight or "assumptions". In this
> case, it appears that the null pointer check is there, in the source
> code, but is removed by the optimizer. This reinforces my distrust
> of optimizers. My reference is:
>
> http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/
There are more well-informed opinions here:
http://lwn.net/Articles/341773/#Comments
Basically, gcc is within its rights to optimize this way, but it's a
fascinating problem. If I read the comments right, the kernel build
process could add a compiler flag to not optimize in this case, which
would stifle the exploit; but better code would fix the underlying
problem. I'm not enough of an expert to weigh in either way.
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
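The pattern the thread is about, as an added illustration that is not part of the original post: a NULL check that sits in the source after the pointer has already been dereferenced, beside the hardened form where the check comes first. The `struct dev` and the two `poll_*` functions are constructed for this example and are not the kernel's code.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical device state, constructed for this example. */
struct dev {
    int ready;
    void *priv;
};

/* The shape of the bug discussed in the thread: 'd' is dereferenced
 * on the first line, so a conforming optimizer may conclude that 'd'
 * cannot be NULL and delete the check below it. The check is present
 * in the source but may be absent from the compiled object. */
int poll_unsafe(struct dev *d)
{
    int ready = d->ready;   /* dereference happens before the check */
    if (d == NULL)          /* candidate for removal at -O2 */
        return -1;
    return ready;
}

/* Hardened form: test the pointer first, touch it only afterwards.
 * No optimization level can remove this check, because nothing
 * before it proves 'd' is non-NULL. */
int poll_safe(struct dev *d)
{
    if (d == NULL)
        return -1;
    return d->ready;
}

int main(void)
{
    struct dev d = { .ready = 1, .priv = NULL };
    printf("poll_safe(&d)   = %d\n", poll_safe(&d));    /* 1  */
    printf("poll_safe(NULL) = %d\n", poll_safe(NULL));  /* -1 */
    printf("poll_unsafe(&d) = %d\n", poll_unsafe(&d));  /* 1  */
    return 0;
}
```

Compiling `poll_unsafe` with GCC's `-fno-delete-null-pointer-checks` keeps the late check in the object code, which is the build-flag workaround the message refers to; reordering the code as in `poll_safe` removes the dependence on that flag.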