On 2025-06-18 17:46, Qing Zhao wrote:
> Okay, I guess that I didn’t pay enough attention to the above example
> previously, sorry about that...
>
> Read it multiple times this time; my question is about the following code portion:
>
>     objsz = __builtin_dynamic_object_size (ptr, 0);
>     __memcpy_chk (ptr, src, sz, objsz);
>
> When the program gets to this point, “ptr” is freed and invalid already. Is
> the program still considered as a valid program when the first argument to the
> call to __memcpy_chk is an invalid pointer but the 3rd parameter is 0?

AFAICT, strictly according to the standards it should not be considered
valid since any use of an invalid pointer (not just dereferencing it) is
considered undefined behaviour. However in practice it doesn't result
in an invalid access because of SZ=0.
Sid