Date:      Wed, 23 Apr 2008 20:41:04 +0200
From:      Heiko Wundram <modelnine@modelnine.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: strdup(NULL) supposed to create SIGSEGV?
Message-ID:  <200804232041.04913.modelnine@modelnine.org>
In-Reply-To: <293918.47889.qm@web36608.mail.mud.yahoo.com>
References:  <293918.47889.qm@web36608.mail.mud.yahoo.com>

On Wednesday, 23 April 2008 18:06:44, Simun Mikecin wrote:
> >If you're going to quote documents to support your ideas, it's probably
> >better to read them first.
>
> My apologies. My fingers were faster than my mind. But this made me read it
> the way I should have done in the first place. And I see that it says:
> "A null pointer is returned if the new string cannot be created."

<rant>

Again: strdup's input domain is implicitly defined as the set of all VALID 
strings, which in C are a long value interpreted as a pointer to a VALID 
(i.e., at least read-accessible by you) memory location which is interpreted 
as a sequence of bytes leading up to a NECESSARY terminal zero byte somewhere 
at or after that memory position and completely INSIDE a readable memory 
range.

In the case of passing in a value that is from the input domain, the standard 
says that in case the string cannot be duplicated, a NULL pointer should be 
returned and errno set. What the standard explicitly says at other locations 
(that have been mentioned here) is that if a value is passed in that's not 
from the input domain, the behaviour is undefined. In FreeBSD's case it's a 
segfault, it could of course also be a NULL return, it could also be 
self-destruction of your computer, killing you or your user from high 
velocity flying parts. But, again, the behaviour is UNDEFINED, so do not 
count on it doing anything to (or against) your liking.

Incidentally, a segfault is generally considered useful by many programmers, 
because it makes debugging a hell-of-a-lot easier (guess why gdb breaks to 
the debugger prompt on one). That's why you'd get a segfault on most (modern) 
operating systems. On DOS, however, you overwrote/copied the (real-mode) 
interrupt descriptor table, and thus when doing a write-access (by for 
example passing a FAR NULL pointer as the destination parameter of strcpy) 
basically broke your complete operating environment. That's so much less 
usable for development, isn't it?

It's YOUR responsibility to pass in values that are from the valid input 
domain, and in case you don't do that, it's YOUR fault that you didn't and 
everything that follows is, again, UNDEFINED, as it depends on so many 
parameters that simply can't all be accounted for in the standard you're citing. 
That's why it's UNDEFINED.

Sorry for the many caps in the mail, but I really can't understand why people 
keep insisting that library functions have to do all and any kind of error 
checking for the programmer. For one, doing error checking like invalid 
pointers in library functions is a performance killer, and secondly, it's the 
friggin' programmer's responsibility to make sure his input is in the input 
domain for the functions he calls. If he doesn't/can't do that, he should 
look for another job.

</rant>

-- 
Heiko Wundram
