From owner-freebsd-hackers Tue Oct 22 04:01:39 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id EAA22255
          for hackers-outgoing; Tue, 22 Oct 1996 04:01:39 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA22246
          for ; Tue, 22 Oct 1996 04:01:33 -0700 (PDT)
Received: from rover.village.org (localhost [127.0.0.1])
          by rover.village.org (8.7.6/8.6.6) with ESMTP id FAA15578;
          Tue, 22 Oct 1996 05:00:41 -0600 (MDT)
Message-Id: <199610221100.FAA15578@rover.village.org>
To: "Daniel O'Callaghan"
Subject: Re: libc string routines don't check for NULL pointers
Cc: freebsd-hackers@freebsd.org
In-reply-to: Your message of "Tue, 22 Oct 1996 18:12:44 +1000."
References:
Date: Tue, 22 Oct 1996 05:00:41 -0600
From: Warner Losh
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message "Daniel O'Callaghan" writes:
: The string comparison (and other) routines in libc don't check for null
: pointers being passed. This results in SEGVs if one or both of the
: string pointers being passed is NULL. I can see a religious debate here,
: but I'm going to raise the issue: Should str*cmp() handle NULL arguments.

NULL pointers are strictly undefined when it comes to str*cmp. There is
a fundamental difference between a pointer to a NUL character, and a
NULL pointer (which points to nothing at all, not to a null string).

It is not at all clear that the programmer intended to pass a NULL
pointer to indicate a null string. Long experience has shown me at
least that this is almost always the result of a bug in the program.

Finally, many systems do *NOT* allow NULL pointers for these routines
and die the horrible death there. Changing them is likely not an
option, and catering to the NULL pointer crowd only makes it harder to
port away from FreeBSD.

Dying on NULL pointer references is one way to ensure happier
programmers down the line when they go to port their code (and history
has shown me that even the basest hacks will live longer than the
hardware sometimes).

str*cmp and friends should be hard asses about this and should give the
programmer a nice core file when this happens, subject to local security
constraints.

NULL pointer checking can slow down these routines, but I've never seen
numbers to back up speed differences.

Just my humble opinion from about 10 years of doing this stick. Others
may disagree.

Warner
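
An added example, not part of the original message or of FreeBSD's libc: it contrasts a compare that quietly treats NULL as an empty string with one that stops at the call site, the behaviour the reply argues for. The names lenient_strcmp, strict_strcmp and strict_signal are hypothetical, and the NULL value stands in for a failed lookup.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical "forgiving" compare: NULL is folded into "", so a caller
 * bug (a lookup that failed) becomes indistinguishable from an empty value. */
static int lenient_strcmp(const char *a, const char *b)
{
    return strcmp(a ? a : "", b ? b : "");
}

/* Hypothetical strict compare: a NULL argument is a caller bug, so report
 * it and stop where it happened instead of returning a plausible answer. */
static int strict_strcmp(const char *a, const char *b)
{
    if (a == NULL || b == NULL) {
        fprintf(stderr, "strict_strcmp: NULL argument (a=%p, b=%p)\n",
                (const void *)a, (const void *)b);
        abort();    /* SIGABRT; leaves a core file if local limits allow */
    }
    return strcmp(a, b);
}

/* Run strict_strcmp in a child process and return the signal that killed
 * it, 0 if it returned normally, or -1 if fork/waitpid failed. */
static int strict_signal(const char *a, const char *b)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        (void)strict_strcmp(a, b);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    const char *missing = NULL;   /* constructed: result of a failed lookup */
    int ok = strict_signal("", ""), bad = strict_signal(missing, "");
    printf("lenient(NULL, \"\") = %d (bug hidden)\n", lenient_strcmp(missing, ""));
    printf("strict(\"\", \"\") signal = %d, strict(NULL, \"\") signal = %d\n", ok, bad);
    return 0;
}
```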