Core: Avoid memcpy from NULL

Ben Kallus benjamin.p.kallus.gr at dartmouth.edu
Tue Jan 9 16:18:06 UTC 2024


> This demonstrates that your patch
> is clearly insufficient.  Further, Vladimir's patch is clearly
> insufficient too, as shown for another patch in the same
> patch series.

"Insufficient" only when compared to a hypothetical perfectly exhaustive
patch that requires "huge work," as you put it. It's best not to let the
perfect be the enemy of the good.

Avoiding UB in normal program execution (as opposed to the test suite) will
prevent common workloads from executing UB, which is not merely an issue of
"theoretical correctness." See https://blog.regehr.org/archives/213
(section "A Fun Case Analysis") for an example of how this "NULL used in
nonnull context" issue leads to unexpected program behavior.

Thus, I think the best approach is to patch pstrdup to avoid
memcpy-from-NULL, and patch other functions only if someone can present a
backtrace from a real configuration of nginx that executed UB.

-Ben
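The hazard the thread is about, shown in code. This is an added example and not nginx's pstrdup or any code from the list: a small pstrdup-style copy over a hypothetical length-prefixed string type, in the unchecked form that reaches memcpy with a NULL source when the string is empty, beside a checked form that only calls memcpy when there is a non-NULL source. Since glibc declares memcpy's pointer arguments nonnull, memcpy(dst, NULL, 0) is undefined behaviour regardless of the zero length; building with -fsanitize=undefined is one way to observe the unchecked variant being flagged at runtime.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-prefixed string, modelled on the common
 * "pointer + length" shape; data may be NULL when len == 0. */
typedef struct {
    const unsigned char *data;
    size_t len;
} str_t;

/* Unchecked copy: mirrors the pattern under discussion. When src->data
 * is NULL and src->len is 0, memcpy is still called with a NULL source,
 * which is undefined behaviour because memcpy's arguments are nonnull. */
unsigned char *dup_unchecked(const str_t *src)
{
    unsigned char *dst = malloc(src->len + 1);
    if (dst == NULL) {
        return NULL;
    }
    memcpy(dst, src->data, src->len);   /* UB if src->data == NULL */
    dst[src->len] = '\0';
    return dst;
}

/* Checked copy: skip memcpy entirely for an empty or NULL source, so
 * the nonnull contract is never violated. The NUL terminator is still
 * written, so the result is a valid empty C string. */
unsigned char *dup_checked(const str_t *src)
{
    unsigned char *dst = malloc(src->len + 1);
    if (dst == NULL) {
        return NULL;
    }
    if (src->len != 0 && src->data != NULL) {
        memcpy(dst, src->data, src->len);
    }
    dst[src->len] = '\0';
    return dst;
}

/* Returns 1 if copying a NULL/0 string yields a valid empty string. */
int demo_empty(void)
{
    str_t empty = { NULL, 0 };          /* constructed input */
    unsigned char *p = dup_checked(&empty);
    int ok = (p != NULL && p[0] == '\0');
    free(p);
    return ok;
}

/* Returns 1 if a non-empty string survives both copy routines intact.
 * dup_unchecked is only exercised with a non-NULL source here. */
int demo_text(void)
{
    static const unsigned char hello[] = "hello";   /* constructed input */
    str_t s = { hello, 5 };
    unsigned char *a = dup_checked(&s);
    unsigned char *b = dup_unchecked(&s);
    int ok = (a != NULL && b != NULL
              && memcmp(a, "hello", 6) == 0
              && memcmp(b, "hello", 6) == 0);
    free(a);
    free(b);
    return ok;
}

int main(void)
{
    return (demo_empty() && demo_text()) ? 0 : 1;
}
```

The checked variant keeps the allocation and terminator unconditional, so callers see the same result for an empty string whether its data pointer happened to be NULL or not; only the memcpy call is gated, which is the minimal change the thread argues for.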