lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8d2e8196cae74ec4ae20e9c23e898207@AcuMS.aculab.com>
Date:   Tue, 1 Oct 2019 14:36:09 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Dan Carpenter' <dan.carpenter@...cle.com>,
        Denis Efremov <efremov@...ux.com>
CC:     "devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>,
        Jes Sorensen <jes.sorensen@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Hans de Goede <hdegoede@...hat.com>,
        Bastien Nocera <hadess@...ess.net>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Larry Finger <Larry.Finger@...inger.net>
Subject: RE: [PATCH] staging: rtl8723bs: hal: Fix memcpy calls

> From: Dan Carpenter
> Sent: 01 October 2019 14:57
> Subject: Re: [PATCH] staging: rtl8723bs: hal: Fix memcpy calls
...
> That's true for glibc memcpy() but not for the kernel memcpy().  In the
> kernel there are lots of places which do a zero size memcpy().

And probably from NULL (or even garbage) pointers.

After all a pointer to the end of an array (a + ARRAY_SIZE(a)) is valid
but must not be dereferenced - so memcpy() can't dereference it's
source address when the length is zero.

> The glibc attitude is "the standard allows us to put knives here" so
> let's put knives everywhere in the path.  And the GCC attitude is let's
> silently remove NULL checks instead of just printing a warning that the
> NULL check isn't required...  It could really make someone despondent.

gcc is the one that add knives...

This reminds me of me of a compiler that decided to optimise away
checks for function addresses being NULL.
At almost exactly the same time that ELF allowed for undefined weak symbols.
Checking whether a function was actually present was non-trivial.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ