strftime segfault vs return error code

David Niklas doark@mail.com
Fri Jul 31 13:23:00 GMT 2015


> > Wouldn't it be better in this case for strftime() to return 0,
> > rather than crashing?  I'm not sure if there are any security
> > implications in this current behaviour.
> >   
> From a practical perspective, crashing/abort tends to be best. Users
> typically don't check the return value and it's better to fail early
> and loudly than to silently corrupt data. As timespec is constructed by
> the programmer, he wrote the underlying bug that caused it; strptime
> doesn't set invalid months.
> 
> You could write a patch to add asserts in strftime to make debugging
> easier.

I'm a coder who religiously checks the return value, or errno, of each
function that I call and I'd like to say that segfaulting is a very
bad idea for people who try to write good code because we expect that
when we encounter a segfault in your code, then there is something wrong
with your code vs. ours; and your current ideal, though helpful to
some, only encourages programmers to rely on this non-standard
and wrong behaviour.
In other words, you're promoting the bad programming practice which you
mentioned we'd be better off without and, sooner or later, wasting the
time of those of us who try to file bug reports.

Sincerely, David
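
Added example, not part of the original message and not glibc code: one way a caller can get the "return 0" behaviour discussed in this thread is to range-check the struct tm fields before calling strftime(). The names checked_strftime and tm_fields_in_range are hypothetical, and the ranges are the ones the C standard gives for struct tm.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical helper (not a libc function): returns 1 if every field
 * that strftime() may print or use as a table index lies within the
 * range the C standard documents for struct tm, otherwise 0. */
static int tm_fields_in_range(const struct tm *tm)
{
    return tm->tm_sec  >= 0 && tm->tm_sec  <= 60 &&  /* 60 = leap second */
           tm->tm_min  >= 0 && tm->tm_min  <= 59 &&
           tm->tm_hour >= 0 && tm->tm_hour <= 23 &&
           tm->tm_mday >= 1 && tm->tm_mday <= 31 &&
           tm->tm_mon  >= 0 && tm->tm_mon  <= 11 &&  /* month-name index */
           tm->tm_wday >= 0 && tm->tm_wday <= 6  &&  /* day-name index */
           tm->tm_yday >= 0 && tm->tm_yday <= 365;
}

/* Hypothetical wrapper with the same signature as strftime(). It never
 * hands an out-of-range struct tm to the library: it returns 0 and sets
 * errno to EINVAL instead. A 0 from strftime() itself (empty result or
 * buffer too small) leaves errno untouched by this wrapper. */
size_t checked_strftime(char *buf, size_t max, const char *fmt,
                        const struct tm *tm)
{
    if (buf == NULL || fmt == NULL || tm == NULL ||
        !tm_fields_in_range(tm)) {
        errno = EINVAL;
        return 0;
    }
    return strftime(buf, max, fmt, tm);
}

int main(void)
{
    char buf[32];
    struct tm bad = {0};          /* constructed sample input */
    bad.tm_mday = 1;
    bad.tm_mon = 12;              /* invalid: months run 0..11 */

    errno = 0;
    if (checked_strftime(buf, sizeof buf, "%b", &bad) == 0 && errno == EINVAL)
        puts("rejected out-of-range struct tm");
    return 0;
}
```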


