This is the mail archive of the newlib@sources.redhat.com mailing list for the newlib project.
Re: NULL guards for string functions
- From: Christopher Faylor <cgf at redhat dot com>
- To: newlib at sourceware dot org
- Cc: Karsten Fleischer <K dot Fleischer at omnium dot de>,newlib at sources dot redhat dot com
- Date: Mon, 18 Aug 2003 14:57:12 -0400
- Subject: Re: NULL guards for string functions
- References: <007101c3645b$c0859f90$2601a8c0@brws7002> <3F411E1B.CD8BD1E1@redhat.com>
- Reply-to: newlib at sourceware dot org

On Mon, Aug 18, 2003 at 02:42:35PM -0400, J. Johnston wrote:
>Karsten Fleischer wrote:
>> I noticed that the newlib string functions are not guarded against NULL
>> pointers and will cause coredumps if NULL arguments are passed.
>>
>> Some cygwin kernel functions call newlib string functions without
>> checking for NULL args before (for example: mount() calls strpbrk();
>> mount(0,0,0) will crash).
>>
>> I believe that C89/C99 standards do not impose a NULL check, but since
>> these functions are used in a kernel-like environment, I think they
>> ought to do.
>>
>> Karsten
>
>Use of Library Functions:
>
>According to C89/C99, "If an argument to a function has an invalid value
>(such as a value outside the domain of the function, or a pointer outside
>the address space of the program, or a null pointer, or a pointer to
>non-modifiable storage when the corresponding parameter is not
>const-qualified) or a type (after promotion) not expected by a function
>with variable number of arguments, the behavior is undefined."
>
>What this means is that the kernel should not be passing a NULL pointer
>to such functions and expecting them to work. As an example, the generic code for
>glibc string functions does not check for NULL pointers either.
>
>It does not make sense to slow down these basic functions to handle a situation
>that they are not defined to handle. You should bring this up with the
>cygwin developers as they can easily wrapper the functions to do automatic
>NULL checking if it is a prevalent problem or else they can add checks
>in specific pieces of code you have noted failures.

Cygwin already has NULL-check guards on many functions. Apparently we
missed mount. As Jeff mentioned, it makes no sense to slow down string
operations this way.

cgf
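
The two options discussed in this thread (a check in the specific entry point, or a wrapper around the string function), as an added example that is not part of the original messages and is not Cygwin or newlib code. The names demo_mount, check_path_arg and guarded_strpbrk, the parameter list, the errno choices and the "*?" reject set are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; not Cygwin or newlib code. demo_mount(), its
   parameters and the "*?" reject set are hypothetical. */

/* Validate a path argument once, at the entry point. */
static int check_path_arg(const char *p)
{
    if (p == NULL) {
        errno = EFAULT;   /* bad address handed in by the caller */
        return -1;
    }
    if (*p == '\0') {
        errno = ENOENT;   /* empty path names nothing */
        return -1;
    }
    return 0;
}

/* Option 1: check in the specific entry point that failed. */
int demo_mount(const char *native_path, const char *posix_path, unsigned flags)
{
    (void)flags;
    if (check_path_arg(native_path) != 0 || check_path_arg(posix_path) != 0)
        return -1;
    /* Both pointers are non-NULL here, so the NULL case that
       crashed inside strpbrk() cannot reach it. */
    if (strpbrk(posix_path, "*?") != NULL) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

/* Option 2: a wrapper for boundary code only; the library function
   itself stays unguarded and fast for every other caller. */
char *guarded_strpbrk(const char *s, const char *accept)
{
    return (s != NULL && accept != NULL) ? strpbrk(s, accept) : NULL;
}

int main(void)
{
    int rc = demo_mount(NULL, NULL, 0);   /* the mount(0,0,0) case */
    printf("rc=%d errno=%s\n", rc, rc ? strerror(errno) : "0");
    return 0;
}
```

A NULL test catches only NULL; a non-NULL pointer into unmapped memory still faults, so an entry point that receives untrusted pointers needs a stronger validity check than this.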