[patch] bus error in gcry_free

Werner Koch wk at gnupg.org
Fri Feb 2 18:43:38 CET 2007


On Fri,  2 Feb 2007 16:31, christianbiere at gmx.de said:

> can easily cause aliasing issues. I find it much cleaner to clear structures
> using struct copying using a static const variable. This will definitely do the
> right thing and isn't any more effort. Typically this happens in one or two
> places for each struct only anyway.

This breaks a bunch of code, be it calloc or memset cleared structs.
But I have other things to do than nitpicking on this.

> This has nothing to do with segmented memory. That's just one example to

Yes sure.  The first premise is to make the code secure and mostly
bug free.  Over-optimization of modern compilers makes this even
harder.

> "implementation-defined" in which case declaring platforms with segmented
> memory as unsupported would be fine. The standard say "undefined behavior" and
> that's emphasized by mentioning it. It would still be "undefined behavior"

Okay, granted.

> Casting pointers to integers and vice-versa is implementation-defined and will
> typically do exactly what you expect. So if I wanted to use such checks at all,
> I'd certainly use size_t (or unsigned long) because arithmetic with unsigned
> integers is well-defined.

So we end up with this:

  /* Range check for the secure memory pool, done on integer conversions
     of the two pointers (wrapper function added for context; pool,
     pool_size and pool_okay are assumed to be file-scope variables). */
  static int
  ptr_in_pool (const void *p)
  {
    size_t p_addr = (size_t)p;
    size_t pool_addr = (size_t)pool;

    return (pool_okay
            && p_addr >= pool_addr
            && p_addr <  pool_addr+pool_size);
  }


Thanks,

   Werner
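The check the thread arrives at, as an added example that is not libgcrypt's code and not part of the original message: a constructed static pool stands in for the secure memory pool, the range test is written on uintptr_t (the C99 type meant for round-tripping a pointer; the email uses size_t), and a probe function exercises the first byte, the last byte, one past the end, an unrelated object, NULL, and the case where no pool exists.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for libgcrypt's secure-memory pool: a static block
   of POOL_SIZE bytes plus a flag saying whether the pool exists at all. */
#define POOL_SIZE 4096
static unsigned char pool[POOL_SIZE];
static size_t pool_size = POOL_SIZE;
static int pool_okay = 1;

/* The check from the email, done on integer conversions of the pointers.
   Relational comparison of pointers into different objects is undefined
   behaviour in C; comparing the converted integers is not.  uintptr_t
   (C99) is the integer type defined to round-trip a pointer; the email
   uses size_t, which works on the common flat-memory platforms.  */
static int
ptr_in_pool (const void *p)
{
  uintptr_t p_addr = (uintptr_t) p;
  uintptr_t pool_addr = (uintptr_t) pool;

  return (pool_okay
          && p_addr >= pool_addr
          && p_addr < pool_addr + pool_size);
}

/* Probe the edges of the range: first byte, last byte, one past the end,
   an unrelated object, NULL, and a pool that does not exist.  Returns how
   many of the six probes gave the expected answer.  */
static int
probe_pool_check (void)
{
  unsigned char outside = 0;        /* unrelated object on the stack */
  int ok = 0;

  ok += ptr_in_pool (pool) == 1;
  ok += ptr_in_pool (pool + pool_size - 1) == 1;
  ok += ptr_in_pool (pool + pool_size) == 0;
  ok += ptr_in_pool (&outside) == 0;
  ok += ptr_in_pool (NULL) == 0;
  pool_okay = 0;                    /* no pool: nothing is inside it */
  ok += ptr_in_pool (pool) == 0;
  pool_okay = 1;
  return ok;
}
```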
