NULL guards for string functions

Christopher Faylor
Mon Aug 18 20:04:00 GMT 2003

On Mon, Aug 18, 2003 at 02:42:35PM -0400, J. Johnston wrote:
>Karsten Fleischer wrote:
>> I noticed that the newlib string functions are not guarded against NULL
>> pointers and will cause coredumps if NULL arguments are passed.
>> Some cygwin kernel functions call newlib string functions without
>> checking for NULL args before (for example: mount() calls strpbrk();
>> mount(0,0,0) will crash).
>> I believe that C89/C99 standards do not impose a NULL check, but since
>> these functions are used in a kernel-like environment, I think they
>> ought to do.
>> Karsten
>Use of Library Functions:
>According to C89/C99, "If an argument to a function has an invalid value
>(such as a value outside the domain of the function, or a pointer outside
>the address space of the program, or a null pointer, or a pointer to 
>non-modifiable storage when the corresponding parameter is not 
>const-qualified) or a type (after promotion) not expected by a function
>with variable number of arguments, the behavior is undefined."
>What this means is that the kernel should not be passing a NULL pointer
>to such functions and expecting them to work.  As an example, the generic code for
>glibc string functions does not check for NULL pointers either. 
>It does not make sense to slow down these basic functions to handle a situation
>that they are not defined to handle.  You should bring this up with the
>cygwin developers as they can easily wrapper the functions to do automatic
>NULL checking if it is a prevalent problem or else they can add checks
>in specific pieces of code you have noted failures.

Cygwin already has NULL-check guards on many functions.  Apparently we
missed mount.  As Jeff mentioned, it makes no sense to slow down string
operations this way.


More information about the Newlib mailing list