Bug 27964
Summary: | segfaults on null strings | |
---|---|---|---
Product: | [Retired] Red Hat Linux | Reporter: | mikebabcock
Component: | glibc | Assignee: | Jakub Jelinek <jakub>
Status: | CLOSED NOTABUG | QA Contact: | Aaron Brown <abrown>
Severity: | high | Docs Contact: |
Priority: | medium | |
Version: | 6.2 | CC: | fweimer
Target Milestone: | --- | |
Target Release: | --- | |
Hardware: | i386 | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2001-02-16 15:05:22 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Description
mikebabcock
2001-02-16 15:05:07 UTC
Why? E.g. ISO C99, 7.1.4 clearly states that: If an argument to a function has an invalid value (such as ... a null pointer ...) ..., the behaviour is undefined. This general rule is not overridden for any of the functions you named above, so it applies. And there is no reason to slow things down for the sake of invalid programs. You can use wrappers around the standard functions which will check their arguments before passing them to the libc implementation.

"Undefined" behaviour does not equate to a segmentation fault, it is simply undefined (unspecified) and up to the programmer to interpret. If you believe those two CPU cycles are so precious, far be it from me to disagree (glibc isn't exactly _that_ efficient in the first place), but the stability of the system should be a higher priority than sheer speed. Note: in good programming practice, it is up to the library to check for invalid parameters and tell the calling program. A simple "if (value == NULL) return -1;" would be nice. PS, a third opinion on this would be nice as well (I'll leave it as 'resolved' in good faith).

Undefined behaviour means the routine can do anything, format your disks, do nothing, send a signal, whatever. Why is NULL so special btw, I mean e.g. passing 0xdeadbeef (provided it does not point to a mapped memory) is the same category (but much harder to find out). Note that the standards explicitly say which functions allow NULL as arguments, e.g. free(NULL) is valid. Even if glibc had this argument checking, if you tried to run your program on Solaris, Irix, *BSD, name it, it would crash there, so it would be highly unportable anyway.
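The wrapper approach proposed in the reply above, written out as an added example (this is not glibc code and not code from the bug thread). The function names, the -1/EINVAL error convention and the NULL ordering in the comparison are this example's own choices; the point is that the NULL check happens in a layer the caller controls, before the pointer ever reaches libc, so `strlen(NULL)` goes from undefined behaviour to a defined error return.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not glibc code: thin checked wrappers around the
 * standard string functions.  The libc functions require non-NULL
 * string arguments (C99 7.1.4: a null pointer is an invalid value, so
 * behaviour is undefined); these wrappers give NULL a defined meaning.
 * Names and the -1/EINVAL convention are hypothetical choices. */

/* strlen(NULL) is undefined behaviour; here it is a defined error. */
long checked_strlen(const char *s)
{
    if (s == NULL) {
        errno = EINVAL;
        return -1;
    }
    return (long)strlen(s);
}

/* strcmp with a defined order for NULL: NULL == NULL, NULL < any string. */
int checked_strcmp(const char *a, const char *b)
{
    if (a == NULL && b == NULL)
        return 0;
    if (a == NULL)
        return -1;
    if (b == NULL)
        return 1;
    return strcmp(a, b);
}

/* Bounded strcpy: rejects NULL and a destination too small for src plus
 * its terminator.  On ERANGE dst is left as an empty string so a caller
 * that ignores the return value still holds a terminated buffer. */
int checked_strcpy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0) {
        errno = EINVAL;
        return -1;
    }
    size_t n = strlen(src);
    if (n >= dstsz) {
        dst[0] = '\0';
        errno = ERANGE;
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Exercises the wrappers on the cases the thread argues about and
 * returns 1 if every case behaved as documented, 0 otherwise. */
int run_checks(void)
{
    char buf[8];
    int ok = 1;

    ok &= (checked_strlen(NULL) == -1 && errno == EINVAL);
    ok &= (checked_strlen("glibc") == 5);

    ok &= (checked_strcmp(NULL, NULL) == 0);
    ok &= (checked_strcmp(NULL, "") < 0);
    ok &= (checked_strcmp("a", NULL) > 0);
    ok &= (checked_strcmp("a", "b") < 0);

    ok &= (checked_strcpy(buf, sizeof buf, "1234567") == 0 &&
           strcmp(buf, "1234567") == 0);
    ok &= (checked_strcpy(buf, sizeof buf, "12345678") == -1 &&
           errno == ERANGE && buf[0] == '\0');
    ok &= (checked_strcpy(NULL, sizeof buf, "x") == -1);
    ok &= (checked_strcpy(buf, sizeof buf, NULL) == -1);

    return ok;
}

int main(void)
{
    printf("wrappers %s\n", run_checks() ? "OK" : "FAILED");
    return 0;
}
```

Two caveats for anyone adopting this. First, glibc's headers declare these functions with `__attribute__((nonnull))`, so GCC will warn (`-Wnonnull`, part of `-Wall`) when a literal NULL is passed directly, and it may also delete a `p == NULL` test that follows a `strlen(p)` call on the same pointer, since the call already promised the pointer was valid; the check therefore has to come before the call, as in the wrappers above, not after it. Second, the wrapper only helps callers that use it: code that calls `strlen` directly still gets the undefined behaviour the reply describes.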