iceoryx icon indicating copy to clipboard operation
iceoryx copied to clipboard

Published 20 hours ago verified publisher icon eclipse-iceoryx

`rp::RelativePointer::get()` does not check for `nullptr` before access

Open mossmaurice opened this issue 3 years ago • 2 comments

Required information

Operating system: Ubuntu 20.04.3 LTS

Compiler version: GCC 8.4.0

Observed result or behaviour: Accessing an empty RelativePointer leads to a crash

Expected result or behaviour: Accessing an empty RelativePointer shall lead to a fatal error (defined behaviour)

Conditions where it occurred / Performed steps: Call RelativePointer::get() on empty object

mossmaurice avatar Aug 29 '22 15:08 mossmaurice

@mossmaurice @elBoberido @MatthiasKillat @FerdinandSpitzschnueffler sorry but I reopened it.

Please correct me if I am wrong but a relative pointer:

  • is a low level abstraction for a C pointer
  • should behave exactly like a C pointer
  • nullptr is a valid value of a C pointer, it is like that the number 0 is a valid value for an int

The description is in my opinion also misleading: Accessing an empty RelativePointer leads to a crash. No it does not. When accessing a relative pointer which contains nullptr with RelativePointer::get() we just get the nullptr.

I would propose (and also implement) the following solution.

  • nullptr is an allowed and normal value for RelativePointer
  • RelativePointer::get() can return a nullptr
  • operator->() will always terminate when the relative pointer contains a nullptr. The reason is that when one accesses a nullptr via operator->() most compilers will either segfault or have undefined behavior and here I would just enforce that we really segfault.

elfenpiff avatar Sep 05 '22 14:09 elfenpiff

@mossmaurice @elBoberido @MatthiasKillat @FerdinandSpitzschnueffler sorry but I reopened it.

Please correct me if I am wrong but a relative pointer:

  • is a low level abstraction for a C pointer
  • should behave exactly like a C pointer
  • nullptr is a valid value of a C pointer, it is like that the number 0 is a valid value for an int

The description is in my opinion also misleading: Accessing an empty RelativePointer leads to a crash. No it does not. When accessing a relative pointer which contains nullptr with RelativePointer::get() we just get the nullptr.

I would propose (and also implement) the following solution.

  • nullptr is an allowed and normal value for RelativePointer
  • RelativePointer::get() can return a nullptr
  • operator->() will always terminate when the relative pointer contains a nullptr. The reason is that when one accesses a nullptr via operator->() most compilers will either segfault or have undefined behavior and here I would just enforce that we really segfault.

Agree. I think we merged the PR too hasty.

FerdinandSpitzschnueffler avatar Sep 05 '22 14:09 FerdinandSpitzschnueffler

@elfenpiff

RelativePointer::get() can return a nullptr operator->() will always terminate when the relative pointer contains a nullptr. The reason is that when one accesses a nullptr via operator->() most compilers will either segfault or have undefined behavior and here I would just enforce that we really segfault.

Good point :+1: thanks! It's fixed on #1599

mossmaurice avatar Sep 26 '22 10:09 mossmaurice