Subject: Re: [edk2] Common, pedantic, bug in embedded C. * (char *)0x00000000 = 1
From: Andrew Fish <email@example.com>
Date: 2013-03-08 17:52:22
On Mar 8, 2013, at 8:52 AM, "Brian J. Johnson"
wrote: > On 03/07/2013 08:12 PM, Mcdaniel, Daryl wrote: >> ... >> Another interesting bit of trivia about null pointers from the >> ISO/IEC 9899:199409 C language specification (C95, 1995): >> "A null pointer is guaranteed to compare unequal to a pointer to any >> object or function." >> >> "The C Programming Language", 1978, by Kernighan and Ritchie states: >> "C guarantees that no pointer that validly points at data will >> contain zero, so a return value of zero can be used to signal an >> abnormal event." >> >> This is only a problem if you attempt to create a pointer using >> constants, such as (char *)0x00000000. By definition, this is a NULL >> pointer and cannot point at data. But, any pointer that becomes zero >> (NULL) during program operation can be dereferenced. "Safe" systems >> sometimes put a trapping instruction at 0x00000000 so that if someone >> dereferences a NULL function pointer it will be trapped before things >> disintegrate. If the trapping instruction is read as data, it is a >> known value that if seen during debug is an indication that you might >> be dereferencing a null pointer. > > We've implemented a similar "safety" check in our BIOS by modifying the > segment descriptors (in 32-bit mode) and the 1:1 page tables (in 64-bit > mode) to prohibit access to addresses 0-4095. That caught some bugs and > unforseen end cases in our code. > > Unfortunately this check interfered with the CSM, so we were not able to > use it in production. But it might be a handy option (under a PCD > feature flag, of course) to have available in EDK2. We have done this too. I agree it is useful. We had to add a mechanism to turn it off to support the CSM. Thanks, Andrew Fish ------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev _______________________________________________ edk2-devel mailing list firstname.lastname@example.org https://lists.sourceforge.net/lists/listinfo/edk2-devel