Re: undefined-behavior obstack.c:139

[Andreas F. Borchert]

On Fri, Dec 01, 2023 at 05:01:45PM +0100, Bruno Haible wrote:
> Jeffrey Walton wrote:
> > I think that's a valid finding. NULL is not a valid address. You can't
> > add anything to it.
> 
> Can you back this opinion with citations from ISO C 23 [1] ?

See N3096 (most recent draft of C23 [1]), quotes from § 6.5.6, (2), (8) and (9):

   For addition, either both operands shall have arithmetic type,
   or one operand shall be a pointer to a complete object type
   and the other shall have integer type.
   [..]
   For the purposes of these operators, a pointer to an object that
   is not an element of an array behaves the same as a pointer to the
   first elemenet of an array of length one with the type of
   the object as its element type.
   [..]
   If the pointer operand points to an element of an array object,
   and the array is large enough, the result points to an element
   offset from the original element such that the difference of
   the subscripts of the resulting and original array elements
   equals the integer expression.

NULL per <stddef.h> is defined per § 7.21, (4):

   The macros are NULL which expands to an implementation-defined
   null pointer constant; [..]

The definition of null pointer constant is given at § 6.3.2.3 (3):

   An integer constant expression with the value 0, such an
   expression cast to type void *, or the predefined constant nullptr
   is called a null pointer constant.

In summary, null pointer constants are not pointers to an object
or an element of an array object and thereby must not be used
for pointer arithmetic.

Andreas.

[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3096.pdf

-- 
Dr. Andreas F. Borchert,  Institut für Numerische Mathematik, Universität Ulm
Helmholtzstr. 20, 89081 Ulm, +49 7315023572 https://mathematik.uni-ulm.de/afb

smime.p7s
Description: S/MIME cryptographic signature