NULL guards for string functions

J. Johnston
Mon Aug 18 19:55:00 GMT 2003

Karsten Fleischer wrote:
> Hi,
> I noticed that the newlib string functions are not guarded against NULL
> pointers and will cause coredumps if NULL arguments are passed.
> Some cygwin kernel functions call newlib string functions without
> checking for NULL args before (for example: mount() calls strpbrk();
> mount(0,0,0) will crash).
> I believe that C89/C99 standards do not impose a NULL check, but since
> these functions are used in a kernel-like environment, I think they
> ought to do.
> Karsten

Use of Library Functions:

According to C89/C99, "If an argument to a function has an invalid value
(such as a value outside the domain of the function, or a pointer outside
the address space of the program, or a null pointer, or a pointer to 
non-modifiable storage when the corresponding parameter is not 
const-qualified) or a type (after promotion) not expected by a function
with variable number of arguments, the behavior is undefined."

What this means is that the kernel should not be passing a NULL pointer
to such functions and expecting them to work.  As an example, the generic code for
glibc string functions does not check for NULL pointers either. 

It does not make sense to slow down these basic functions to handle a situation
that they are not defined to handle.  You should bring this up with the
cygwin developers as they can easily wrap the functions to do automatic
NULL checking if it is a prevalent problem or else they can add checks
in the specific pieces of code where you have noted failures.

-- Jeff J.
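
The two options named in the reply above (a NULL-checking wrapper, or checks in the specific calling code), sketched in C as an added example that is not part of the original message and is not newlib or Cygwin code. The names `safe_strpbrk` and `demo_mount`, and the character set `demo_mount` rejects, are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Option 1: a wrapper that gives the NULL case a defined result instead of
 * leaving it undefined. safe_strpbrk is a hypothetical name, not a newlib
 * or Cygwin API. */
static char *safe_strpbrk(const char *s, const char *accept)
{
    if (s == NULL || accept == NULL)
        return NULL;            /* treat "no string" as "no match" */
    return strpbrk(s, accept);
}

/* Option 2: validate once at the entry point that receives untrusted
 * arguments, then call the plain library function. demo_mount is a
 * constructed stand-in for a syscall-like API; the characters it rejects
 * are illustrative only. */
int demo_mount(const char *native_path, const char *posix_path, unsigned flags)
{
    (void)flags;
    if (native_path == NULL || posix_path == NULL) {
        errno = EFAULT;         /* bad address supplied by the caller */
        return -1;
    }
    if (*native_path == '\0' || *posix_path == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* Both arguments are now known to be valid strings, so the unguarded
     * strpbrk() is only ever used inside its defined domain. */
    if (strpbrk(posix_path, "\\:") != NULL) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

int main(void)
{
    int rc = demo_mount(NULL, NULL, 0);
    printf("demo_mount(0,0,0) = %d (%s)\n", rc, strerror(errno));
    printf("safe_strpbrk(NULL, \"/\") = %p\n", (void *)safe_strpbrk(NULL, "/"));
    return 0;
}
```

Option 2 keeps the cost of the check at the boundary where arguments arrive, so internal callers that already hold valid pointers pay nothing extra.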
