[openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init

Kurt Roeckx kurt at roeckx.be
Fri Oct 16 18:50:48 UTC 2015


On Fri, Oct 16, 2015 at 04:50:59PM +0000, Matt Caswell via RT wrote:
> In a well-behaved program there is no undefined behaviour. The "buf +
> len < buf" check will always evaluate to false, so in that sense is
> useless but it *is* well defined.

The defined behaviour for the "buf + len" part is as far as I know
that the pointer should point inside the allocated object or 1 byte
after it.  So as long as "len" is in the valid range, the "buf + len"
part should be well defined.  The test with -1 is clearly undefined.

As far as I know, in a comparison the pointers should point to the
same object.  But the check seems to imply that they might not point
to the same object or that buf is not the base of the object.  But
since len is unsigned, only the option that they don't point to the
same object seems to be left.

So it's unclear to me if this is defined behaviour or not.


Kurt
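The wrap-around check the thread is discussing, written on unsigned integers instead of pointers so that no out-of-range pointer is ever formed; this is an added example, not code from the thread or from OpenSSL, and packet_t, buf_len_fits, packet_get_bytes and sample_buf are constructed names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-in for a PACKET-style cursor (constructed for this example). */
typedef struct {
    const unsigned char *curr;
    size_t remaining;
} packet_t;

/* Constructed 16-byte sample record used by the demo and the checks. */
static unsigned char sample_buf[16] = {0x16, 0x03, 0x03, 0x00, 0x0c};

/* Returns 1 if the range buf..buf+len can be addressed without the address
 * wrapping, 0 otherwise.  "buf + len < buf" on pointers is undefined once len
 * leaves the object, so the wrap test is done on uintptr_t, where unsigned
 * arithmetic is fully defined and the compiler cannot discard the branch. */
int buf_len_fits(const unsigned char *buf, size_t len)
{
    uintptr_t base = (uintptr_t)buf;
    if (buf == NULL)
        return 0;
    if ((uintmax_t)len > (uintmax_t)(UINTPTR_MAX - base))
        return 0;   /* buf + len would pass the top of the address space */
    return 1;
}

/* Initialise the cursor only when the range is sound; (size_t)-1 is rejected. */
int packet_buf_init_checked(packet_t *pkt, const unsigned char *buf, size_t len)
{
    if (!buf_len_fits(buf, len))
        return 0;
    pkt->curr = buf;
    pkt->remaining = len;
    return 1;
}

/* Hand out n bytes; bounds are enforced through "remaining", never by
 * comparing pointers, so the cursor can never be advanced past the end. */
int packet_get_bytes(packet_t *pkt, const unsigned char **out, size_t n)
{
    if (n > pkt->remaining)
        return 0;
    *out = pkt->curr;
    pkt->curr += n;
    pkt->remaining -= n;
    return 1;
}

int main(void)
{
    packet_t p;
    const unsigned char *hdr;
    if (!packet_buf_init_checked(&p, sample_buf, sizeof sample_buf))
        return 1;
    if (!packet_get_bytes(&p, &hdr, 5))
        return 1;
    printf("record type 0x%02x, %zu bytes left\n", hdr[0], p.remaining);
    printf("len=(size_t)-1 accepted: %d\n",
           packet_buf_init_checked(&p, sample_buf, (size_t)-1));
    return 0;
}
```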
