On 5/16/22 07:33, Michael Catanzaro wrote:
On Mon, May 16 2022 at 07:23:20 AM -0700, John Reiser <jreiser@xxxxxxxxxxxx> wrote:
Zero is the worst possible auto-int value. It will hide the most bugs.
That's true, but using zero also converts code execution vulnerabilities into denial of service vulnerabilities. Dereference a NULL pointer and you get a non-exploitable crash. Dereference 0x81818181 and you have a much more serious problem at predictable location.
The goal of this change is to mitigate security bugs, and using a nonzero value does not accomplish that goal.
Today on x86_64 Linux does not allow 0x8181...81 to be mapped in a user process
(except for i686 software running under x86_64 kernel, which may be prevented
via configuration choice), so the addressing fault for 0x8181...81 is just as fatal
as for zero. SIGSEGV is generated in both cases, and handled independent
of address value.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
