tech-kern archive


Re: NULL pointer arithmetic issues



On Mon, Mar 9, 2020 at 9:21 AM Martin Husemann <martin%duskware.de@localhost> wrote:
>
> On Mon, Mar 09, 2020 at 01:34:23PM +0100, Kamil Rytarowski wrote:
>
> > We instruct a C compiler that the pointer used in the pserialize macros is
> > never NULL, as the side effect of adding 0 to it.
>
> I question that side effect.
>
> The C++ standard disagrees with your interpretation, I have not seen clear
> statements in any official C standard, and we have been discussing here
> tons of totally unrelated things. Until proven otherwise I consider that
> ubsan behaviour a bug.

C17 6.5.6p8 says:

When an expression that has integer type is added to or subtracted from a pointer, the result has the type of the pointer operand. If the pointer operand points to an element of an array object, and the array is large enough, the result points to an element offset from the original element such that the difference of the subscripts of the resulting and original array elements equals the integer expression. In other words, if the expression P points to the i-th element of an array object, the expressions (P)+N (equivalently, N+(P)) and (P)-N (where N has the value n) point to, respectively, the i + n-th and i - n-th elements of the array object, provided they exist. Moreover, if the expression P points to the last element of an array object, the expression (P)+1 points one past the last element of the array object, and if the expression Q points one past the last element of an array object, the expression (Q)-1 points to the last element of the array object. If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined. If the result points one past the last element of the array object, it shall not be used as the operand of a unary * operator that is evaluated.

The way I read this is:

"If the pointer operand points to an element of an array object" -- it does not (null is not a valid array object).
"Moreover, if the expression P points to the last element of an array object" -- it does not (null is not a valid array object).
"If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object..." -- it does not (there is no valid array so they cannot point to elements of the same array).
"...otherwise, the behavior is undefined." -- this is where we hit the UB.

When discussed on the committee reflector there were no objections to
that interpretation, so this is my understanding of the C committee's
current position. If you still think this is unclear, you can file a
clarification request with the committee to get an official response
considered by the full committee.

~~Aaron
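The reading above boils down to one rule: pointer arithmetic is only defined when the operand and the result both lie inside (or one past the end of) the same array object, and NULL is not such a pointer, so even `p + 0` on a NULL `p` falls into the "otherwise" clause. The practical consequence is the one raised earlier in the thread: once a compiler has seen `p + 0`, it may assume `p` is non-null and a later `if (p == NULL)` test can legitimately be optimized away, which is exactly the kind of silent null-check removal that turns a harmless bug into a dereference. The following is an added, constructed example and is not code from the NetBSD tree or from this thread; the `ADVANCE_UNCHECKED` macro is a hypothetical stand-in for the pattern under discussion, not the real pserialize macros. It pairs the unchecked form with a cursor that only ever forms pointers 6.5.6p8 defines (an element, or one past the end) and refuses to dereference the one-past-the-end position.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a macro that adds an integer to a pointer without
 * checking it first.  When p is NULL this is undefined behaviour under
 * C17 6.5.6p8 even for n == 0; -fsanitize=pointer-overflow reports it as
 * "applying zero offset to null pointer", and an optimizer may drop any
 * NULL test on p that follows. */
#define ADVANCE_UNCHECKED(p, n) ((p) + (n))

/* Checked replacement: never evaluate NULL + n, return NULL instead. */
static const char *advance_checked(const char *p, size_t n)
{
    if (p == NULL)
        return NULL;
    return p + n;
}

/* A cursor over a single array object.  off is kept in [0, len], so the only
 * pointers ever formed are base + k for an element (k < len) or the
 * one-past-the-end position (k == len), the two cases 6.5.6p8 defines. */
struct cursor {
    const char *base;
    size_t len;
    size_t off;
};

/* A NULL base is only acceptable for an empty range. Returns 0 on success. */
static int cursor_init(struct cursor *c, const char *base, size_t len)
{
    if (base == NULL && len != 0)
        return -1;
    c->base = base;
    c->len = len;
    c->off = 0;
    return 0;
}

/* Advance by n, or refuse (leaving the cursor unchanged) if the result would
 * land beyond one past the end, i.e. in the "otherwise, the behavior is
 * undefined" case. */
static int cursor_advance(struct cursor *c, size_t n)
{
    if (n > c->len - c->off)
        return -1;
    c->off += n;
    return 0;
}

/* Materialise the current position.  base is either NULL (never offset) or
 * points to element 0 of a real array, so base + off is always defined. */
static const char *cursor_ptr(const struct cursor *c)
{
    if (c->base == NULL)
        return NULL;
    return c->base + c->off;
}

/* Read the current element; the one-past-the-end position exists but must
 * not be the operand of an evaluated unary *. Returns 0 on success. */
static int cursor_get(const struct cursor *c, char *out)
{
    if (c->base == NULL || c->off >= c->len)
        return -1;
    *out = c->base[c->off];
    return 0;
}

/* Walk a constructed 4-byte buffer through every defined position and the
 * first undefined one.  Returns 0 if each step behaves as 6.5.6p8 says. */
static int demo(void)
{
    static const char buf[4] = "abc";   /* constructed sample input */
    struct cursor c;
    char ch;

    if (cursor_init(&c, buf, sizeof buf) != 0) return 1;
    if (cursor_advance(&c, 3) != 0) return 2;          /* last element */
    if (cursor_get(&c, &ch) != 0 || ch != '\0') return 3;
    if (cursor_advance(&c, 1) != 0) return 4;          /* one past the end: allowed */
    if (cursor_get(&c, &ch) == 0) return 5;            /* ...but not dereferenceable */
    if (cursor_advance(&c, 1) == 0) return 6;          /* two past the end: refused */
    if (cursor_ptr(&c) != buf + sizeof buf) return 7;
    if (advance_checked(NULL, 0) != NULL) return 8;    /* no NULL + 0 is ever formed */
    return 0;
}

int main(void)
{
    printf("demo: %d\n", demo());
    return demo();
}
```

Building this with `cc -fsanitize=pointer-overflow` and calling `ADVANCE_UNCHECKED((char *)NULL, 0)` produces the runtime report that started this thread; none of the checked paths trigger it, because they test for NULL and for the array bound before any `+` is evaluated rather than relying on the arithmetic to be harmless.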


