From: Tim Rentsch
Newsgroups: comp.lang.c
Subject: Re: Memory protection between compilation units?
Date: Mon, 16 Jun 2025 06:10:46 -0700
Message-ID: <86jz5bq1bd.fsf@linuxsc.com>
References: <20250611153239.6bc43323@mateusz> <20250612102857.1632c026@mateusz> <20250612114200.143@kylheku.com> <102gjib$39la2$1@dont-email.me> <20250613141420.25d81b43@mateusz> <20250613165623.00004eb3@yahoo.com> <102kq3e$e9ts$1@dont-email.me> <102mjh5$31ckr$1@paganini.bofh.team> <102nab5$148mb$1@dont-email.me> <102nm7l$3333o$1@paganini.bofh.team>

antispam@fricas.org (Waldek Hebisch) writes:

> Mateusz Viste wrote:
>
>> That said, detecting out-of-bounds array access is no panacea. Memory
>> corruption can arise from various sources, such as dangling pointers or
>> poorly managed pointer arithmetic.
>
> AFAICS there is no reason for explicit pointer arithmetic in well
> written C programs.

This assertion is in effect a No True Scotsman statement.

> Implicit pointer arithmetic (coming from array
> indexing) is done by compiler so should be no problem.

Even if there is no direct manipulation ("pointer arithmetic") of
pointer variables, access can be checked only if array bounds
information is available, and in many cases it isn't.
The reason is (among other things) C doesn't have array parameters; what it does have instead is pointer parameters. At the point in the code when an "array" access is to be done, the information needed to check that an index value is in bounds just isn't available. The culprit here is not explicit pointer arithmetic, but lacking the information needed to do a bounds check. That lack is inherent in how the C language works with respect to arrays and pointer conversion.
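The point about array parameters really being pointer parameters can be seen directly in C. The following is an added example (editor's illustration, not code from the post or its thread): `param_sizeof`, `get_checked`, `checked_sum` and `ARRAY_LEN` are hypothetical names chosen here. It shows that a parameter declared with array syntax carries only a pointer's size, so the callee has nothing to check an index against, and that a bounds check is only possible when the caller, where the array type is still complete, passes the element count explicitly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper for this illustration: element count of an object
   whose array type is still complete (i.e. before it is passed anywhere). */
#define ARRAY_LEN(arr) (sizeof (arr) / sizeof (arr)[0])

/* "int a[16]" as a parameter is adjusted to "int *a": sizeof a yields the
   size of a pointer, not 16 * sizeof(int). The declared 16 is discarded by
   the language, so nothing inside this function can bound an index. */
size_t param_sizeof(int a[16])
{
    return sizeof a;
}

/* Checked accessor: the only way the callee can reject a bad index is if
   the caller supplies the element count n alongside the pointer. Returns
   true and stores a[idx] in *out on success, false on an out-of-bounds
   index or a null argument. */
bool get_checked(const int *a, size_t n, size_t idx, int *out)
{
    if (a == NULL || out == NULL || idx >= n)
        return false;
    *out = a[idx];
    return true;
}

/* Sums the first count elements of a through get_checked; returns -1 as
   soon as an index is rejected instead of reading past the end. */
int checked_sum(const int *a, size_t n, size_t count)
{
    int total = 0;
    for (size_t i = 0; i < count; i++) {
        int v;
        if (!get_checked(a, n, i, &v))
            return -1;
        total += v;
    }
    return total;
}

/* Caller side: here the array type is complete and ARRAY_LEN works.
   The count must be passed explicitly, because it is lost on the call. */
size_t caller_count(void)
{
    int buf[16] = {0};
    return ARRAY_LEN(buf);
}

int main(void)
{
    int buf[16] = {0};
    printf("caller sees %zu elements, callee sees sizeof == %zu (a pointer)\n",
           ARRAY_LEN(buf), param_sizeof(buf));

    int data[4] = {1, 2, 3, 4};
    printf("checked_sum over 4 of 4: %d\n", checked_sum(data, ARRAY_LEN(data), 4));
    printf("checked_sum over 5 of 4: %d\n", checked_sum(data, ARRAY_LEN(data), 5));
    return 0;
}
```

Compilers usually warn about `sizeof` on an array parameter precisely because it is a well-known trap; the warning is a reminder that the bound was never there to begin with.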