On 2025-06-18 17:16, Kees Cook wrote:
I agree, validating invalid pointers is not the job of __bdos. My concern
is about having __bdos *generate* code that results in invalid pointer
access.
I would like a way to indicate the desire to do the dereference. Having
an invalid pointer is a totally separate problem -- everything assumes
it has a valid pointer.
Maybe a --param to indicate this, e.g.
--param objsz-allow-dereference-input=yes|no
which defaults to 'no'? That will allow users to opt in to the footgun ;)
Sid
