From: Robert Watson
Date: Wed, 23 Apr 2008 11:03:10 +0100 (BST)
To: Garrett Cooper
Cc: hackers@freebsd.org
Subject: Re: Fwd: strdup(NULL) supposed to create SIGSEGV?

On Wed, 23 Apr 2008, Garrett Cooper wrote:

>> But strdup uses malloc, which is a system call (from the strdup manual: If
>> insufficient memory is available, NULL is returned and errno is set to
>> ENOMEM.)

FYI, malloc(3) is actually a library call, and while it obviously does invoke
system calls (mmap(2) on modern systems), it has some fairly complex logic for
managing and caching memory provided by the kernel.

> I was more concerned about the fact that there wasn't any documentation that
> said something -- either implicitly or explicitly -- that strdup(NULL)
> causes a segfault.
>
> Of course I did some more research after you guys gave me some replies and
> realized I'm not the first person to bumble across this fact, but I haven't
> found FreeBSD or Linux documentation supporting that errata. It was harmless
> in my tiny program, but I would hate to be someone adding that assumption to
> a larger project with multiple threads and a fair number of lines...

Consider the following counter-arguments:

- In C, a string is a sequence of non-nul characters followed by a nul
  character terminating the string. NULL is therefore not a valid string.

- Currently, strdup(3) has an unambiguous error model: if it returns a
  non-NULL string, it has succeeded, and if it has failed, it returns NULL and
  sets errno. If NULL becomes a successful return from strdup(3), then this
  is no longer the case, breaking the assumptions of currently correct
  consumers.

Robert N M Watson
Computer Laboratory
University of Cambridge
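
Added example, not part of the original message and not FreeBSD code: one way a caller can guard against NULL input while keeping the error model described above, where a NULL return always means failure and errno says why. The names strdup_checked, dup_strv and free_strv are hypothetical, and the choice of EINVAL for a NULL argument is an assumption of this sketch.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup(3) is POSIX, not ISO C */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper: NULL is not a string, so fail with EINVAL, never deref. */
char *strdup_checked(const char *s)
{
    if (s == NULL) {
        errno = EINVAL;
        return NULL;
    }
    return strdup(s);              /* NULL with ENOMEM if allocation fails */
}

void free_strv(char **v)           /* frees a NULL-terminated vector */
{
    if (v == NULL) return;
    for (char **p = v; *p != NULL; p++)
        free(*p);
    free(v);
}

/* Copy n strings, all or nothing; NULL + errno (EINVAL or ENOMEM) on failure. */
char **dup_strv(const char *const *src, size_t n)
{
    char **dst = calloc(n + 1, sizeof(*dst));   /* zeroed, so NULL-terminated */
    if (dst == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if ((dst[i] = strdup_checked(src[i])) == NULL) {
            int saved = errno;     /* free(3) may change errno on some systems */
            free_strv(dst);
            errno = saved;
            return NULL;
        }
    }
    return dst;
}

int main(void)
{
    const char *in[] = { "alpha", NULL, "" };   /* constructed sample input */
    char **out = dup_strv(in, 3);               /* fails: entry 1 is NULL */
    int rc = (out == NULL && errno == EINVAL) ? 0 : 1;
    free_strv(out);
    return rc;
}
```

The empty string "" is a valid string and is copied; only NULL is rejected, so callers can still test the result against NULL alone.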