This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Error on setenv(..., NULL, ...)
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Wed, 11 Mar 2015 17:14:41 +0000
- Subject: Re: [patch] Error on setenv(..., NULL, ...)
- References: <CALoOobNSbWUkd_i-L6U0ovbqPYnJY-h=ftX1K61yb19pmJj6aw at mail dot gmail dot com>
On Wed, 11 Mar 2015, Paul Pluzhnikov wrote:
> Attached trivial patch makes setenv(..., NULL, ...) fail instead of
> producing "bad" environment. Tested on Linux/x86_64, no new failures.
The conventions at
<https://sourceware.org/glibc/wiki/Style_and_Conventions#Error_Handling>
say that "If it's user code invoking undefined behavior, then it should
fail early and catastrophically ... That too trades off against any
runtime cost of detecting the case.". And, more specifically for null
pointers, "If you're going to check for NULL pointer arguments where you
have not entered into a contract to accept and interpret them, do so with
an assert, not a conditional error return.".
So, if it's undefined behavior to pass NULL here, any detection should
take the form of an assertion.
--
Joseph S. Myers
joseph@codesourcery.com
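
The two approaches contrasted in this message, as an added example that is not part of the original mail, the attached patch, or glibc itself. The wrapper names, the DEMO_VAR variable and the choice of EINVAL are assumptions made for illustration.

```c
/* Added illustration, not glibc code: hypothetical setenv() wrappers. */
#undef NDEBUG                       /* keep assert() active in this demo */
#include <assert.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Conditional error return: the caller's bug becomes an errno value that
   is easy to ignore. EINVAL is an assumed choice for this example. */
int setenv_errno_style(const char *name, const char *value, int overwrite)
{
    if (value == NULL) {
        errno = EINVAL;
        return -1;
    }
    return setenv(name, value, overwrite);
}

/* Assertion: the caller's bug stops the process at the faulty call. */
int setenv_assert_style(const char *name, const char *value, int overwrite)
{
    assert(value != NULL);
    return setenv(name, value, overwrite);
}

/* Call the asserting wrapper with a NULL value in a child process; return
   the signal that killed it (0 if it exited normally, -1 on failure). */
int signal_from_null_value(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        setenv_assert_style("DEMO_VAR", NULL, 1);
        _exit(0);                   /* only reached if the assert did not fire */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = signal_from_null_value();
    int rc = setenv_errno_style("DEMO_VAR", NULL, 1);
    printf("error-return style: rc=%d (%s)\n", rc, strerror(errno));
    printf("assert style: child killed by signal %d\n", sig);
    return 0;
}
```

With the error-return wrapper a caller that ignores the return value carries on without the variable set; with the asserting wrapper the child is terminated by SIGABRT at the call site.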