[patch] bus error in gcry_free
Werner Koch
wk at gnupg.org
Fri Feb 2 18:43:38 CET 2007
On Fri, 2 Feb 2007 16:31, christianbiere at gmx.de said:
> can easily cause aliasing issues. I find it much cleaner to clear structures
> using struct copying using a static const variable. This will definitely do the
> right thing and isn't any more effort. Typically this happens in one or two
> places for each struct only anyway.
This breaks a bunch of code, be it calloc or memset cleared structs.
But I have other things to do than to nitpick on this.
> This has nothing to do with segmented memory. That's just one example to
Yes sure. The first premise is to make the code secure and mostly
bug free. Over-optimization of modern compilers makes this even
harder.
> "implementation-defined" in which case declaring platforms with segmented
> memory as unsupported would be fine. The standard says "undefined behavior" and
> that's emphasized by mentioning it. It would still be "undefined behavior"
Okay, granted.
> Casting pointers to integers and vice-versa is implementation-defined and will
> typically do exactly what you expect. So if I wanted to use such checks at all,
> I'd certainly use size_t (or unsigned long) because arithmetic with unsigned
> integers is well-defined.
So we end up with this:
  /* p is the pointer being tested; pool, pool_size and pool_okay
     describe the secure memory pool.  Comparing the addresses as
     unsigned integers avoids relational comparison of unrelated
     pointers.  */
  size_t p_addr = (size_t)p;
  size_t pool_addr = (size_t)pool;

  return (pool_okay
          && p_addr >= pool_addr
          && p_addr < pool_addr + pool_size);
Thanks,
Werner
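The check sketched in the mail, worked into a complete program. This is an added example written for this page, not code from the mail or from libgcrypt: the pool is a plain static buffer standing in for the real mlock'ed secure memory, and the names pool, pool_okay and pool_size follow the snippet above while pool_init, pool_term and ptr_into_pool_p are illustrative names chosen here. It uses uintptr_t rather than size_t, since uintptr_t is the C99 type guaranteed to round-trip a void pointer; size_t happens to work on common ABIs but is not guaranteed to. Relational operators on two pointers that do not point into the same object are undefined behaviour in C, which is why the addresses are compared as integers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the secure-memory pool state: a fixed
   buffer plays the role of the locked pool, pool_okay records whether
   the pool has been set up.  */
static unsigned char pool_storage[4096];
static void  *pool      = NULL;
static size_t pool_size = 0;
static int    pool_okay = 0;

/* Set up the fake pool so that membership checks become meaningful.  */
void pool_init (void)
{
  pool      = pool_storage;
  pool_size = sizeof pool_storage;
  pool_okay = 1;
}

/* Tear the pool down; after this nothing counts as secure memory.  */
void pool_term (void)
{
  pool_okay = 0;
}

/* Return 1 if P points into the secure memory pool, else 0.
   The comparison is done on uintptr_t values, not on pointers, so it
   is well-defined even when P points into an unrelated object.  The
   pool_okay test comes first so that an uninitialised or torn-down
   pool never reports a hit.  */
int ptr_into_pool_p (const void *p)
{
  uintptr_t p_addr    = (uintptr_t)p;
  uintptr_t pool_addr = (uintptr_t)pool;

  return (pool_okay
          && p_addr >= pool_addr
          && p_addr < pool_addr + pool_size);
}

int main (void)
{
  unsigned char outside[16];   /* an object that is not in the pool */

  pool_init ();
  printf ("first pool byte:  %d\n", ptr_into_pool_p (pool_storage));
  printf ("last pool byte:   %d\n",
          ptr_into_pool_p (pool_storage + sizeof pool_storage - 1));
  printf ("one past the end: %d\n",
          ptr_into_pool_p (pool_storage + sizeof pool_storage));
  printf ("unrelated object: %d\n", ptr_into_pool_p (outside));
  pool_term ();
  printf ("after pool_term:  %d\n", ptr_into_pool_p (pool_storage));
  return 0;
}
```

The boundary cases are the ones worth watching in a free() path: the first and last byte of the pool are inside, the one-past-the-end pointer is outside, and once the pool has been torn down the check must report nothing as secure, otherwise a later release could wipe or unlock memory that was never part of the pool.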
More information about the Gcrypt-devel mailing list