History of Null Pointer Dereferences on macOS

Thanks to the wonders of UB, the sample on the article when compiled with optimization on, it actually reduces to,<p><pre><code> &#x2F;&#x2F;clang -o null_dereference null_dereference.c #include &lt;stdio.h&gt; int main() { int *ptr = NULL; &#x2F;&#x2F; Initialize a pointer to NULL int value = *ptr; &#x2F;&#x2F; Attempt to dereference the NULL pointer printf(&quot;Value: %d\n&quot;, value); &#x2F;&#x2F; This line will reached, because the previous will be optimized away. return 0; } </code></pre> Example, <a href="https:&#x2F;&#x2F;godbolt.org&#x2F;z&#x2F;Kv3rcz1ch" rel="nofollow">https:&#x2F;&#x2F;godbolt.org&#x2F;z&#x2F;Kv3rcz1ch</a>

On macOS x86_64, the size of PAGEZERO cannot be set to 0, but it can be set to 0x1000 (4 KiB) instead of the default 4 GiB. Wine does this to support running Windows EXEs which need to load at a fixed address.<p>On ARM64, PAGEZERO&#x27;s size cannot be made smaller than 4 GiB.

&gt; A NULL pointer dereference occurs when software attempts to access memory at address 0 (the NULL address) via a pointer set to NULL.<p>There is nothing in the standard that says that NULL must be 0.

We’re covering the history of null pointers on the Mac and not mentioning that in the early days null de-referencing was totally allowed and the system didn’t do anything to stop it? ;)

On a tangent re: memory safety in operating systems —<p>We hear a lot these days from the (very much in-the-open) debate over how much (if any) of the Linux kernel should be rewritten in Rust for memory safety.<p>But does anyone know if a similar debate is also going on inside Apple re: XNU&#x2F;Darwin, or within Microsoft re: NTOS? (Maybe not using Rust in particular, but some other memory-safe systems language?)

How large is the protected memory area? In my experience it&#x27;s often not zero but some offset from zero that is accessed

How things change! Page zero was extremely important on the Apple ][.

Hugged to death?<p>Edit: Seems good half an hour later!