"Micah J. Cowan" wrote:

> On Thu, Mar 20, 2003 at 04:52:15PM -0800, Tim Riley wrote:
> >
> > "Micah J. Cowan" wrote:
> >
> > > On Thu, Mar 20, 2003 at 10:15:43AM -0800, Tim Riley wrote:
> > >
> > <snip>
> >
> > The vulnerability with malloc() occurs when working with pointers.
> > It's common to test if a pointer has been set
> > by placing it inside an "if" statement before referencing it.
> > If you always use calloc(), all of your pointers will be
> > initialized with zero.
>
> All bits zero != NULL. This is a common misbelief, which happens to be
> true on a number of platforms. But it is not guaranteed to be true,
> and is not on several platforms, though I concede that they are not the
> mainstream. See:
>
> Sec. 5 of the C FAQ: http://www.eskimo.com/~scs/C-faq/s5.html
>
> Any number of comp.lang.c posts:
> http://groups.google.com/groups?as_q=NULL%20calloc%28%29&as_ugroup=comp.lang.c
>
> Especially this one by the author of the FreeBSD C Library (last paragraph):
>
> http://groups.google.com/groups?q=NULL+calloc()+group:comp.lang.c+author:Chris+author:Torek&selm=18764%40dog.ee.lbl.gov
>

"man calloc" on a Linux machine says bluntly:

    calloc() allocates memory for an array of nmemb elements of size bytes
    each and returns a pointer to the allocated memory. The memory is set
    to zero.

    malloc() allocates size bytes and returns a pointer to the allocated
    memory. The memory is not cleared.

> > For the following example
> > it's clear that a core dump might occur; however, if the program were
> > 1000 lines long and the variables set in different locations, tracing
> > could be a bear.
> >
> > #include <stdio.h>
> > #include <stdlib.h>
> >
> > typedef struct
> > {
> >     char *name;
> >     char *address;
> >     char *city;
> >     char *state;
> >     char *zip_code;
> > } PERSON;
> >
> > int main( int argc, char **argv )
> > {
> >     PERSON *person = malloc( sizeof( PERSON ) );
> >
> >     person->name = "fred";
>
> A core dump could occur right here, with or without calloc(),
> considering you didn't check malloc()'s return.

Allocation error checking was intentionally left out for simplicity.

> >     /* zip_code is never set: malloc() leaves it indeterminate */
> >     if ( person->name && person->zip_code )
> >     {
> >         printf( "For person = %s, got zip code = %s\n",
> >                 person->name, person->zip_code );
> >     }
> >     return 0;
> > }
> >
> > If calloc() had been used, no one would have noticed the delay and no
> > core would be dumped.
>
> Provided that one is using a system on which NULL happens to be
> all-bits-zero.

What ANSI C implementation are you referring to here?

> Which we all are on this list, but can we guarantee
> that the code you write won't be ported to such a system?
>

Isn't this a Linux users group? What system are you referring to? Does it
not have gcc? Is it open source so we can fix it?

> And I submit that without the core dump, the bug of having forgotten
> to set *person's fields just got much, much harder to track down.
>

Core dumps are useful for tracking down bugs.

> -Micah
> _______________________________________________
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech
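As an added example (not code from either poster in this thread), the following program shows the portable way to get the "has this pointer been set?" test Tim wants without betting on calloc()'s all-bits-zero bytes being a null pointer, and it adds the malloc() return check Micah asked for. The function names person_new, person_unset_fields and all_bits_zero_is_null are my own; the PERSON struct mirrors the one quoted above. all_bits_zero_is_null() reports what the current implementation actually does with a zero-filled pointer object, which is the thing the C FAQ says you may not assume.

```c
/* Added example for the calloc()/NULL discussion above; not from the thread.
 * Assumptions: the PERSON layout quoted in the thread, and helper names
 * (person_new, person_unset_fields, all_bits_zero_is_null) that are my own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *name;
    char *address;
    char *city;
    char *state;
    char *zip_code;
} PERSON;

/* Report whether, on this implementation, a pointer object whose bytes are
 * all zero compares equal to NULL. calloc() only promises all-bits-zero
 * bytes; the language does not promise that such bytes are a null pointer.
 * Returns 1 if they compare equal here, 0 otherwise. */
int all_bits_zero_is_null(void)
{
    char *p;
    memset(&p, 0, sizeof p);   /* the state calloc() would leave the field in */
    return p == NULL;
}

/* Allocate a PERSON and explicitly set every pointer member to NULL.
 * Assigning NULL is correct on every conforming implementation, unlike
 * relying on zeroed bytes. Returns NULL if malloc() fails. */
PERSON *person_new(void)
{
    PERSON *person = malloc(sizeof *person);
    if (person == NULL)
        return NULL;           /* the return check the thread says was missing */
    person->name = NULL;
    person->address = NULL;
    person->city = NULL;
    person->state = NULL;
    person->zip_code = NULL;
    return person;
}

/* Count the PERSON pointer members still unset (NULL), so a caller can
 * detect "forgot to fill in a field" instead of silently skipping the
 * printf, which is the bug Micah argues calloc() would hide. */
int person_unset_fields(const PERSON *person)
{
    int n = 0;
    if (person->name == NULL) n++;
    if (person->address == NULL) n++;
    if (person->city == NULL) n++;
    if (person->state == NULL) n++;
    if (person->zip_code == NULL) n++;
    return n;
}

int main(void)
{
    PERSON *person = person_new();
    if (person == NULL) {
        perror("malloc");
        return 1;
    }
    person->name = "fred";     /* zip_code deliberately left unset, as in the thread */

    printf("all-bits-zero pointer == NULL on this platform: %s\n",
           all_bits_zero_is_null() ? "yes" : "no");
    printf("%d of 5 fields still unset\n", person_unset_fields(person));

    if (person->name && person->zip_code)
        printf("For person = %s, got zip code = %s\n",
               person->name, person->zip_code);
    else
        fprintf(stderr, "zip_code for %s was never set\n", person->name);

    free(person);
    return 0;
}
```

Compile with `gcc -Wall -o person person.c` and run it; the unset-field count makes the forgotten zip_code visible immediately, without waiting for a core dump, and the explicit NULL assignments in person_new() cost the same five stores whether or not the platform happens to use all-bits-zero for null pointers.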
