You're trying to reason about it as a logical system providing native semantics, which it isn't. The compilers have knowledge about standard library functions and they don't simply act the way they're defined in the library. My example is just something they consider undefined.
A very easy example to demonstrate is strdup. It's considered to have __attribute__((malloc)) (whether or not the libc marks it as such, like glibc does), which includes guaranteeing:
> no pointers to valid objects occur in any storage addressed by P.
which can clearly happen.
2
In order for a pointer converted from an integer to be valid, there has to be a 'valid' path leading to it from where it was originally converted from a pointer to an integer. It's worth looking at DR 260 and also the standard's wording.
open-std.org/jtc1/sc22/wg14
1
> are permitted to track the origins of a bit-pattern and treat those representing an indeterminate value as distinct from those representing a determined value. They may also treat pointers based on different origins as distinct even though they are bitwise identical.
1
No conversions from integer take place here. Rather it's a matter of effective type rules for allocated storage with memcpy-like char copying.
1
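An added example, not part of this thread, tying together the strdup post above and the later remark that the real issue is effective-type rules for allocated storage with memcpy-like char copying. It uses a hypothetical strdup-like function `dup_bytes` marked `__attribute__((malloc))` (as glibc marks strdup) so that raw pointer bytes can be copied without strdup's NUL truncation getting in the way; `dup_bytes`, `smuggle_pointer_through_dup` and `copy_pointer_via_malloc` are names chosen here, and the attribute syntax assumes GCC or Clang.

```c
/* Added example, not from the thread. Shows the promise that
 * __attribute__((malloc)) makes about the returned storage, a
 * strdup-like copy that breaks it, and the well-defined alternative. */
#include <stdlib.h>
#include <string.h>

#if defined(__GNUC__)
#define MALLOC_LIKE __attribute__((malloc))
#else
#define MALLOC_LIKE   /* attribute syntax assumed to be GCC/Clang */
#endif

/* Hypothetical strdup-like duplicator (copies n raw bytes instead of a
 * NUL-terminated string, so pointer bytes survive intact). Marking it
 * MALLOC_LIKE, as glibc marks strdup, promises the compiler that the
 * returned storage holds no pointers to valid objects when it returns. */
static void *dup_bytes(const void *src, size_t n) MALLOC_LIKE;
static void *dup_bytes(const void *src, size_t n)
{
    void *p = malloc(n);
    if (p)
        memcpy(p, src, n);   /* copies whatever src holds, pointers included */
    return p;
}

/* Broken: image holds the bytes of &target, so the duplicate does too,
 * contradicting the attribute's promise. The optimizer may assume the
 * store through q cannot reach target and return the stale value 1, or
 * it may return 42; nothing in the language or the attribute forces either. */
int smuggle_pointer_through_dup(void)
{
    int target = 1;
    int *p = &target;
    char image[sizeof p];
    memcpy(image, &p, sizeof p);                    /* pointer -> bytes: fine */

    char *copy = dup_bytes(image, sizeof image);    /* promise now violated */
    if (!copy)
        return -1;
    int *q;
    memcpy(&q, copy, sizeof q);                     /* bytes -> pointer */
    *q = 42;                        /* compiler may assume target is untouched */
    free(copy);
    return target;                  /* 1 or 42 depending on the optimizer */
}

/* Well-defined: allocate first, then write the pointer bytes into the
 * fresh storage. When malloc returned, the storage held no pointers, so
 * the promise holds; the effective-type rules let the memcpy into
 * allocated storage give those bytes the type int * and let the memcpy
 * back out read them as such. */
int copy_pointer_via_malloc(void)
{
    int target = 1;
    int *p = &target;

    int **slot = malloc(sizeof *slot);
    if (!slot)
        return -1;
    memcpy(slot, &p, sizeof p);     /* written after malloc returned */
    int *q;
    memcpy(&q, slot, sizeof q);
    *q = 42;                        /* visibly aliases target */
    free(slot);
    return target;                  /* always 42 */
}
```

Build it at -O0 and -O2 with GCC or Clang and compare what `smuggle_pointer_through_dup` returns; whichever value you get, the point is that the attribute removed the obligation to give you 42, whereas `copy_pointer_via_malloc` must return 42 under every conforming optimizer because the pointer only enters the storage after the allocator's promise was made.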
I'm not talking about the specific example that was presented but rather the response to it. They are likely to more formally define these things in C2X and some early drafts like cl.cam.ac.uk/~pes20/cerberu show what that could end up looking like.
Ah, I understand now. DigiCert owns QuoVadis now, by the way, and responded:
groups.google.com/forum/#!msg/mo
They do say they'd revoke it if Mozilla requested it and Mozilla could just blacklist the intermediate rather than removing QuoVadis, which now has different management.
1
I don't think a CA should be able to authorize a sub-CA in the first place, especially since it bypasses all of the supposed auditing and rules imposed on them, which is already a very weak / flawed system. The whole thing is garbage regardless...

