NULL guards for string functions

Christopher Faylor cgf@redhat.com
Mon Aug 18 20:04:00 GMT 2003


On Mon, Aug 18, 2003 at 02:42:35PM -0400, J. Johnston wrote:
>Karsten Fleischer wrote:
>> I noticed that the newlib string functions are not guarded against NULL
>> pointers and will cause coredumps if NULL arguments are passed.
>> 
>> Some cygwin kernel functions call newlib string functions without
>> checking for NULL args before (for example: mount() calls strpbrk();
>> mount(0,0,0) will crash).
>> 
>> I believe that C89/C99 standards do not impose a NULL check, but since
>> these functions are used in a kernel-like environment, I think they
>> ought to do.
>> 
>> Karsten
>
>Use of Library Functions:
>
>According to C89/C99, "If an argument to a function has an invalid value
>(such as a value outside the domain of the function, or a pointer outside
>the address space of the program, or a null pointer, or a pointer to 
>non-modifiable storage when the corresponding parameter is not 
>const-qualified) or a type (after promotion) not expected by a function
>with variable number of arguments, the behavior is undefined."
>
>What this means is that the kernel should not be passing a NULL pointer
>to such functions and expecting them to work.  As an example, the generic code for
>glibc string functions does not check for NULL pointers either. 
>
>It does not make sense to slow down these basic functions to handle a situation
>that they are not defined to handle.  You should bring this up with the
>cygwin developers as they can easily wrapper the functions to do automatic
>NULL checking if it is a prevalent problem or else they can add checks
>in specific pieces of code you have noted failures.

Cygwin already has NULL-check guards on many functions.  Apparently we
missed mount.  As Jeff mentioned, it makes no sense to slow down string
operations this way.

cgf
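
The boundary check discussed in this thread, as an added example that is not part of the original messages or of Cygwin's or newlib's code: a hypothetical `guarded_mount()` validates its pointer arguments and fails with `EFAULT` before `strpbrk()` is ever called, so the string function stays unguarded and fast. The function names, the parameters and the rejected character set are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: validate one path argument at the API boundary.
   Returns 1 if the pointer is safe to hand to the string functions. */
static int path_arg_ok(const char *p)
{
    if (p == NULL) {        /* caller bug: report it, never dereference */
        errno = EFAULT;
        return 0;
    }
    if (*p == '\0') {       /* empty path is a bad value, not a bad pointer */
        errno = EINVAL;
        return 0;
    }
    return 1;
}

/* Hypothetical stand-in for a syscall-like entry point such as mount().
   The character set passed to strpbrk() is an assumption. */
int guarded_mount(const char *native_path, const char *posix_path,
                  unsigned flags)
{
    (void)flags;

    if (!path_arg_ok(native_path) || !path_arg_ok(posix_path))
        return -1;

    /* strpbrk() is only reached with arguments inside its defined domain,
       so the library routine itself needs no NULL check. */
    if (strpbrk(posix_path, "\\:") != NULL) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* The call from the report: fails cleanly instead of crashing. */
    int rc = guarded_mount(NULL, NULL, 0);
    printf("guarded_mount(0,0,0) = %d (%s)\n", rc, strerror(errno));
    return 0;
}
```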



More information about the Newlib mailing list