From owner-freebsd-current  Wed Jan  1 06:23:02 1997
Return-Path: <owner-current>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id GAA29476
          for current-outgoing; Wed, 1 Jan 1997 06:23:02 -0800 (PST)
Received: from root.com (implode.root.com [198.145.90.17])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id GAA29470;
          Wed, 1 Jan 1997 06:23:00 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id GAA10526; Wed, 1 Jan 1997 06:22:49 -0800 (PST)
Message-Id: <199701011422.GAA10526@root.com>
X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: phk@freebsd.org
cc: current@freebsd.org
Subject: Re: <sys/queue.h> potential for panic 
In-reply-to: Your message of "Wed, 01 Jan 1997 13:52:37 +0100."
             <12720.852123157@critter.dk.tfs.com> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Wed, 01 Jan 1997 06:22:49 -0800
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
>TAILQ_REMOVE and STAILQ_REMOVE would panic with a zero dereference
>if you tried to remove something not on the queue.
>
>Wouldn't it make sense to avoid that, or would the overhead be considered
>prohibitive ?

   It would be a software error if multiple TAILQ_REMOVEs occurred (in just
the same way that multiple frees are a bug), so the condition must be caught.
I think a NULL dereference is not unreasonable (better than adding needless
extra cost checking).

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project