In GCC 4.9, we have optimizations that make use of non-null annotations, at least for removing null pointer checks. Some libc functions are annotated with it, such as qsort, memcpy, memset, memcmp.

On the other hand, it is unspecified whether the data() member of std::vector returns a null pointer when empty() returns true.

As a result, code like this is invalid if the functions are ever called with empty vectors:

  #include <cstdlib>
  #include <cstring>
  #include <vector>

  void clear(std::vector<char> &vec)
  {
    // data() may be null when vec is empty, but memset's pointer argument is annotated nonnull
    memset(vec.data(), '\0', vec.size());
  }

  // qsort expects a comparator of type int (*)(const void *, const void *)
  int comparefn(const void *, const void *);

  template <typename T>
  void sort(std::vector<T> &vec)
  {
    qsort(vec.data(), vec.size(), sizeof(T), comparefn);
  }
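The same two helpers with the empty-vector case guarded so that a possibly-null data() never reaches a nonnull-annotated libc function, as an added example that is not part of the original message; the names clear_safe, sort_safe, compare_int and the demo_* checks are assumptions:

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <vector>

// Skip the libc call entirely when size() == 0: with vec.data() possibly null,
// passing it to memset would be undefined behaviour even for a zero-length fill,
// and GCC may delete later null checks on that pointer because of the nonnull annotation.
void clear_safe(std::vector<char> &vec)
{
    if (vec.empty())
        return;
    std::memset(vec.data(), '\0', vec.size());
}

// Comparator with the exact signature qsort requires.
int compare_int(const void *a, const void *b)
{
    int x = *static_cast<const int *>(a);
    int y = *static_cast<const int *>(b);
    return (x > y) - (x < y);
}

void sort_safe(std::vector<int> &vec)
{
    if (vec.empty())
        return;
    std::qsort(vec.data(), vec.size(), sizeof(int), compare_int);
}

// Constructed inputs: the empty vectors exercise the guard, the others the normal path.
bool demo_empty()
{
    std::vector<char> no_chars;
    std::vector<int> no_ints;
    clear_safe(no_chars);   // returns before memset is reached
    sort_safe(no_ints);     // returns before qsort is reached
    return no_chars.empty() && no_ints.empty();
}

bool demo_clear()
{
    std::vector<char> chars = {'a', 'b', 'c'};
    clear_safe(chars);
    return std::all_of(chars.begin(), chars.end(), [](char c) { return c == '\0'; });
}

bool demo_sort()
{
    std::vector<int> ints = {3, 1, 2};
    sort_safe(ints);
    return std::is_sorted(ints.begin(), ints.end()) && ints.size() == 3;
}
```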

I think this is quite surprising.  What can we do about it?

--
Florian Weimer / Red Hat Product Security Team
