Description
Some words in the C99 standard can be used to justify compiler optimizations based on the assumption that a standard function does not receive a null pointer as argument, even if that is together with a size of 0. GCC started to optimize this aggressively in its 4.9 version with the optimization -fdelete-null-pointer-checks (enabled by default at -O0). It is discussed in this blog post: http://blog.mycre.ws/articles/bind-and-gcc-49/
The very same words in the C standards can also be used to justify any optimization based on the assumption that a standard function does not receive a pointer to the very end of a valid memory zone (“one past” in C standardese): http://stackoverflow.com/a/25390675/139746
s2n does not apply standard functions to null pointers as far as I can tell, but it seems to apply some standard functions to pointers “one past” in two places during the execution of the provided s2n/tests/unit/s2n_ssl_prf_test.c test (see below).
GCC does not currently optimize on this basis, but it or any other standard-compliant compiler could. Or could in next year's version. Or in ten years when everyone is using s2n. :)
The two source code locations in which standard functions appear to be passed pointers one past are:
- s2n/stuffer/s2n_stuffer.c:124: ((stuffer->blob.data + stuffer->write_cursor) - n) must be a valid pointer for writing
- s2n/crypto/s2n_hmac.c:153: key must be a valid pointer for reading
These two locations are the only ones where this problem happens in all the provided unit tests (minus the three we cannot execute—yet). The usual fix is to check that the size is nonzero before invoking memcpy and memset (the code is only invoking these functions with pointers one-past together with a size of zero, otherwise the interpreter would have complained more loudly and I would have reported this sooner).
PS: any news about availability of someone close to s2n development in Seattle at the beginning of next week?
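To illustrate the pattern the issue describes and the usual fix, here is an added example (not s2n's code; the `struct stuffer`, `stuffer_write_unguarded`, `stuffer_write` and `fill_then_append_empty` names are hypothetical): a minimal write-cursor buffer where a zero-length write at the very end of the buffer would hand memcpy a one-past pointer, beside the guarded form that never calls memcpy with a size of zero.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stuffer modelled loosely on the struct named in the issue (not s2n's code). */
struct stuffer {
    uint8_t *data;
    size_t size;
    size_t write_cursor;
};

/* Unguarded write: returns 0 on success, -1 if there is not enough room. */
int stuffer_write_unguarded(struct stuffer *s, const uint8_t *in, size_t n)
{
    if (n > s->size - s->write_cursor) {
        return -1;
    }
    /* When write_cursor == size and n == 0, data + write_cursor is the one-past
     * pointer; passing it to memcpy lets a conforming compiler assume it is a
     * valid pointer for writing, which is the problem reported above. */
    memcpy(s->data + s->write_cursor, in, n);
    s->write_cursor += n;
    return 0;
}

/* Guarded write: a zero-length write never reaches memcpy, so no pointer that
 * cannot be dereferenced is ever handed to a standard library function. */
int stuffer_write(struct stuffer *s, const uint8_t *in, size_t n)
{
    if (n > s->size - s->write_cursor) {
        return -1;
    }
    if (n > 0) {
        memcpy(s->data + s->write_cursor, in, n);
        s->write_cursor += n;
    }
    return 0;
}

/* Fill a 4-byte stuffer completely, then append an empty chunk: this is the
 * edge case (cursor at the end, size 0). Returns the final cursor, or a
 * negative code if any step behaves unexpectedly. Constructed sample data. */
int fill_then_append_empty(void)
{
    uint8_t buf[4];
    struct stuffer s = { buf, sizeof(buf), 0 };
    const uint8_t four[4] = { 1, 2, 3, 4 };
    if (stuffer_write(&s, four, 4) != 0) return -1;   /* cursor now == size */
    if (stuffer_write(&s, four, 0) != 0) return -2;   /* one-past cursor, n == 0: memcpy skipped */
    if (stuffer_write(&s, four, 1) != -1) return -3;  /* no room left: must be rejected */
    return (int)s.write_cursor;                       /* 4 */
}
```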