Falsehoods programmers believe about null pointers
-
[email protected]replied to [email protected] last edited by
I'm almost sure storing data at *(0) is undefined behavior, so yes, that falsity #9 is indeed false.
Also, many embedded toolsets expect you to write there.
-
[email protected]replied to [email protected] last edited by
Macromedia Flash Action Script was the first language I saw that could have a RCE vulnerability caused by null pointer dereference.
Thank god HTML5 media killed Flash.
-
[email protected]replied to [email protected] last edited by
Flash isn't dead yet.
I just had to use it to connect to an ancient Siemens building automation system. Luckily we're replacing it this year.
-
[email protected]replied to [email protected] last edited by
Before virtual memory was a thing, almost all memory was accessible.
Virtual memory has nothing to do with whether 0 is a valid address. You can have a CPU where it is valid, or one where it isn't and you'll get an access fault if you try to access it. You can also have virtual memory where page 0 is mappable, or not.
-
[email protected]replied to [email protected] last edited by
Small nit:
CHERI is even weirder. CHERI pointers store
128-bit capabilities in addition to the 64-bit address we’re used toThe 128-bit capability (actually 129 since there's a tag bit) includes the address. It's 64-bit address + 64-bit metadata + 1-bit tag = 129-bit capability.
-
[email protected]replied to [email protected] last edited by
Thanks, I'm going to have nightmares tonight.
-
[email protected]replied to [email protected] last edited by
FYI there is an open source reimplementation of Flash from scratch called Ruffle that should solve all the security issues that Flash had. It runs on WASM so it's compatible with modern browsers. The New York Times is using it to bring back some old interactive/animated pages that relied on Flash.
-
[email protected]replied to [email protected] last edited by
Very misleading writing style IMO. I would say most of their bullet points ARE actually true in most cases... they just keep bringing up somewhat rare/exotic exceptions as a way to call it a "falsehood".
-
[email protected]replied to [email protected] last edited by
A claim which is mostly true is false. Programmers should pay attention to details, since that is all computers know.
-
[email protected]replied to [email protected] last edited by
Details like the fact that people can have differing opinions and perspectives, and should not speak in absolutes?
-
[email protected]replied to [email protected] last edited by
Details such as that accepting the statement "a claim which is mostly true is false" means that "a claim which is mostly false is true" must also be accepted (that one, or "a claim which is sometimes true is true" depending on what you think "not (mostly true)" means)
-
[email protected]replied to [email protected] last edited by
Not everything can be easily boxed into Boolean categories so no, a mostly true claim is not simply false. You are erasing the key context and nuance to make this foolish absolute statement.
