[stunnel-users] fix resource leaks and potential null

Jochen Bern Jochen.Bern at LINworks.de
Tue Feb 5 20:53:58 CET 2013


On 05.02.2013 19:44, Arthur Mesh wrote:
> On Tue, Feb 05, 2013 at 01:41:30PM -0500, Brian Wilkins wrote:
>> It's a variable that points to null.
> Only if you initialize it. It's not initialized during declaration, hence its
> value is "garbage" from stack.

... unless compiler/library/OS follow one of several modern standards
(ANSI C being one of them) that call for memory to be scrubbed upon
initial or re-use. Which certainly still isn't a bulletproof vest yet in
our day and age.

On 05.02.2013 19:52, Brian Wilkins wrote:
> You are completely correct in that regard, but checking if a pointer is
> null is a different concept.

In terms of memory allocation and scrubbing, a pointer is no different
from any other type with as many bytes as a memory address needs. In
other words, *if* scrubbing fails to happen, you have no better idea of
what its contents may be than "a bunch of random bits".

Technically, "the" NULL pointer doesn't need to be all zero bits (which
necessitates pinpointing when a *numeric* zero value requires to be
*explicitly* cast to a pointer type and when not; see, for example,
http://www.lysator.liu.se/c/c-faq/c-1.html ), nor does it even need to
be *exactly one* possible value (but they are still required to always
yield true with "=="; again, ANSI C is among those who say so, in
section 3.2.2.3).

However, dropping a *completely random* value into a pointer can fail to
provide "a NULL pointer" in far more ways than accidentally matching a
value that *was*, in fact, returned by malloc(), or happens to be the
"&" of some variable; there's no requirement that the content of
pointers shall be held against the TLB or whatever source of "legitimate
pointer values" to detect cases of "points to unassigned memory, hence
to be treated as a NULL pointer". Otherwise, we would have abolished
SIGSEGVs years ago - along with three orders of magnitude of the
hardware's computing power, I guess.

Regards,
								J. Bern
-- 
*NEU* - NEC IT-Infrastruktur-Produkte im <http://www.linworks-shop.de/>:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/>
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel



More information about the stunnel-users mailing list