This is the mail archive of the
newlib@sources.redhat.com
mailing list for the newlib project.
Re: NULL guards for string functions
- From: "J. Johnston" <jjohnstn at redhat dot com>
- To: Karsten Fleischer <K dot Fleischer at omnium dot de>
- Cc: newlib at sources dot redhat dot com
- Date: Mon, 18 Aug 2003 14:42:35 -0400
- Subject: Re: NULL guards for string functions
- Organization: Red Hat Inc.
- References: <007101c3645b$c0859f90$2601a8c0@brws7002>
Karsten Fleischer wrote:
>
> Hi,
>
> I noticed that the newlib string functions are not guarded against NULL
> pointers and will cause coredumps if NULL arguments are passed.
>
> Some cygwin kernel functions call newlib string functions without
> checking for NULL args before (for example: mount() calls strpbrk();
> mount(0,0,0) will crash).
>
> I believe that C89/C99 standards do not impose a NULL check, but since
> these functions are used in a kernel-like environment, I think they
> ought to do.
>
> Karsten
Use of Library Functions:
According to C89/C99, "If an argument to a function has an invalid value
(such as a value outside the domain of the function, or a pointer outside
the address space of the program, or a null pointer, or a pointer to
non-modifiable storage when the corresponding parameter is not
const-qualified) or a type (after promotion) not expected by a function
with variable number of arguments, the behavior is undefined."
What this means is that the kernel should not be passing a NULL pointer
to such functions and expecting them to work. As an example, the generic code for
glibc string functions does not check for NULL pointers either.
It does not make sense to slow down these basic functions to handle a situation
that they are not defined to handle. You should bring this up with the
cygwin developers as they can easily wrapper the functions to do automatic
NULL checking if it is a prevalent problem or else they can add checks
in specific pieces of code you have noted failures.
-- Jeff J.