Null pointers, one month later

“C programmers normally expect that an attempt to dereference a
null (zero) pointer will result in a hardware exception which, in
turn, causes the program to crash. This happens not because there
is anything special about a pointer containing zero, but because
the trick of not mapping valid memory at the bottom of the virtual
address space has been known and used for decades. If no valid
memory is mapped near address zero, the hardware will trap attempts
to access memory in that range; that includes attempts to
dereference null pointers. It is a useful setup which minimizes the
damage caused by misuse of null pointers.

“The only problem is that, in the kernel environment, there is
no guarantee that no valid memory is mapped at the bottom of the
address space. The default is to not map anything there, but
applications can request, via the mmap() system call, that the
lowest addresses be made valid. So the null pointer address can be
made to point to real memory, and this can happen entirely under
the control of user space. User-space addresses remain valid when
running in the kernel, so, if the kernel can be made to dereference
a null pointer, it will be accessing user-controlled memory. Should
the kernel try to jump to a null pointer, it will be running
user-controlled code directly. Needless to say, this sequence of
events would not be good for the security of the system.”
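
The passage above says user space can ask, via mmap(), for the lowest addresses to be made valid. The following is an added example, not code from the article or its author, that makes exactly that request on Linux: it calls mmap() with MAP_FIXED for one page at address 0 and, if the kernel grants it, writes a byte there and reads it back through a literal null pointer. On a modern kernel the request is normally refused with EPERM because of the vm.mmap_min_addr sysctl; that mitigation is not mentioned in the excerpt and is stated here from the kernel's documented behaviour, so the program reports whichever outcome it gets. The marker byte, the function names and the use of a volatile global to carry the zero address are the example's own choices.

```c
/* Added example (not from the quoted article): can user space make
 * address zero valid memory?  Try to mmap() one page at address 0 with
 * MAP_FIXED and, if the kernel allows it, write a marker there and read
 * it back through a null pointer.  On a kernel enforcing
 * vm.mmap_min_addr the mmap() fails with EPERM for unprivileged users. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Arbitrary marker standing in for attacker-chosen bytes (0xC3 happens
 * to be the x86 'ret' opcode; any value would do for this experiment). */
#define MARKER 0xC3

/* A literal "*(char *)0" is undefined behaviour that the compiler may
 * simply delete; routing the address through a volatile global keeps
 * the load and store honest. */
static volatile uintptr_t zero_address = 0;

/* Attempt to map one page at virtual address 0.
 * Returns 1 on success (address zero is now readable/writable/executable
 * memory under user control), 0 on failure with errno stored in *err. */
int try_map_page_zero(int *err)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, (size_t)page, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        *err = errno;            /* typically EPERM: mmap_min_addr in effect */
        return 0;
    }
    *err = 0;
    return p == (void *)0;       /* MAP_FIXED guarantees this on success */
}

/* Read the first byte through a null pointer.  Only safe after
 * try_map_page_zero() succeeded; otherwise this faults, which is the
 * hardware exception the article describes. */
unsigned char read_through_null(void)
{
    volatile unsigned char *np = (volatile unsigned char *)zero_address;
    return *np;
}

/* Store a byte at address 0 through a null pointer (same caveat). */
void write_through_null(unsigned char v)
{
    volatile unsigned char *np = (volatile unsigned char *)zero_address;
    *np = v;
}

/* Whole experiment.  Returns 1 if page zero was mapped and the marker
 * written through NULL reads back, 0 if the kernel refused the mapping
 * (errno in *err), -1 if the mapping succeeded but the round trip did not. */
int null_page_experiment(int *err)
{
    if (!try_map_page_zero(err))
        return 0;
    write_through_null(MARKER);
    return read_through_null() == MARKER ? 1 : -1;
}

int main(void)
{
    int err = 0;
    int r = null_page_experiment(&err);
    if (r == 1)
        printf("page zero mapped: NULL now points at user-controlled memory "
               "(byte 0x%02x)\n", read_through_null());
    else if (r == 0)
        printf("mmap(0) refused: %s (low-address mapping protection in effect)\n",
               strerror(err));
    else
        printf("unexpected: mapping succeeded but read-back through NULL failed\n");
    return 0;
}
```

Build with `cc -Wall -o nullpage nullpage.c`. As an unprivileged user on a stock kernel you should see the EPERM branch; that refusal is the whole point of vm.mmap_min_addr. To reproduce the dangerous configuration the article warns about, do it only in a throwaway VM: `sysctl vm.mmap_min_addr=0` (or running with CAP_SYS_RAWIO, which bypasses the check) lets the mapping succeed, and the program then reads its own marker back through a null pointer.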
