Bruno Wolff III wrote:
Obviously, but if you read (reread?) the report:On Mon, Jul 27, 2009 at 18:38:03 -0400, Bill Davidsen <davidsen@xxxxxxx> wrote: The claim is that the test is optimized away, and that would seem to be a separate issue from using the value of tun before testing.if (!tun) return POLLERR; // if tun is NULL return error This code looks perfectly ok, right? Well, it is, until the compiler takes this into its hands. While optimizing the code, the compiler will see that the variable has already been assigned and will actually remove the if block (the check if tun is NULL) completely from the resulting compiled code. Note that I was pointing out the report, not making any claims that it was correct. That's what the "until checked" in my post meant, someone should verify that the compiler doesn't have a bug separate from the dereference. I wouldn't have written it that way at all, putting the initialize in the definition, but it could be written struct sock *sk = (tun ? tun->sk : NULL); // initialize sk with tun->skwhich would avoid the dereference, but making the code even more obscure than tunnel code must be. -- Bill Davidsen <davidsen@xxxxxxx> Obscure bug of 2004: BASH BUFFER OVERFLOW - if bash is being run by a normal user and is setuid root, with the "vi" line edit mode selected, and the character set is "big5," an off-by-one error occurs during wildcard (glob) expansion. |
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
