On these systems it is perfectly valid (and correct) C to define a structure which has the layout of the attached devices and then cast 0 to a pointer to this structure and use that for I/O.
No, it isn't "valid", per se. It is how you get the desired effect, and might work fine on said device -- but it's a blatant violation of the rules of C.
Remember that C, like most languages, makes some very basic assumptions about the underlying platform and require certain things of it. One of these is you can't dereference NULL legally, end of story. From the kernel's point of view, strictly by the rules of the underlying processor and machine, this might be totally legal. But the C standard says quite explicitly that you can't be doing this under any condition. Not only that, it's undefined behavior -- you're in a particularly bad no man's land.
Legal in C and legal on the machine are NOT the same thing. Please remember that difference. C still has rules and assumptions that you have to follow, and when you don't, things like this happen. That's why the code behind this vulnerability is NOT correct. It obeys machine rules but not C's stricter rules.
The major difference between bonds and bond traders is that the bonds will eventually mature.