From: Linus Torvalds > Sent: 06 June 2023 16:46 > > On Tue, Jun 6, 2023 at 8:31 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > nit: Linus's example was "(void *)8" (instead of 1) because we've had > > issues in the past with alignment warnings on archs that are sensitive > > to it. (e.g. see the __is_constexpr() macro which is doing NULL/!NULL > > comparisons.) __is_constexpr() is playing entirely different games. Basically the type of (x ? (void *)y : (int *)z) depends on whether 'y' is a compile-time 0 (int *) or not (void *). ... > So I'm not sure the 1-vs-8 actually matters. We do other things that > assume that low bits in a pointer are retained and valid, even if in > theory the C type system might have issues with it. Yes, given that gcc will assume a pointer is aligned if you try to memcpy() from it, I'm surprised it doesn't always assume that. In which case (long)ptr_to_int & 3 can be validly assumed to be zero. I've found some 'day job' code that passed the address of a member of a 'packed' structure to a function which then used host ordered unsigned char[] accesses. The compiler is certainly allowed to convert that back to a word write - which would then fault. (I've not looked to see if any modern compilers do.) Of course the simple ptr->member would have be fine. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
