Holes discovered in SSL certificate validation
Holes discovered in SSL certificate validation
Posted Nov 3, 2012 1:14 UTC (Sat) by nybble41 (subscriber, #55106)In reply to: Holes discovered in SSL certificate validation by nix
Parent article: Holes discovered in SSL certificate validation
>> There aren't any cases in any version of C or C++ where a numeric type converts into a pointer silently.
> Um, 0 in pointer context is the null pointer constant.
> Um, 0 in pointer context is the null pointer constant.
It's not just the value; in C99, at least, only an _integer constant expression_ with the value zero, or the same cast to (void*), can be implicitly converted to a null pointer. Any other expression with numeric type will not be implicitly treated as a null pointer, even if the value happens to be zero. GCC treats this as an integer-to-pointer conversion without a cast and generates a warning by default.
Granted, "false" from <stdbool.h> is a macro defined as the integer constant 0, so it can be converted to a null pointer. However, the null pointer is treated as false in a boolean context, so that isn't so very surprising.