Date: Tue, 27 May 2003 20:02:00 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Seva Gluschenko <gvs@rinet.ru>
Cc: Dag-Erling Smorgrav <des@freebsd.org>
Subject: Re: bin/52691: str[n][case]cmp may cause segmentation violation with NULL pointers passed
Message-ID: <20030527194116.V1802@gamplex.bde.org>
In-Reply-To: <20030527121942.W33922@road.demos.su>
References: <200305262053.h4QKr3GB026031@freefall.freebsd.org> <20030527121942.W33922@road.demos.su>
On Tue, 27 May 2003, Seva Gluschenko wrote:
> Message of Dag-Erling Smorgrav at May 26 13:53 ...
>
> DS> Synopsis: str[n][case]cmp may cause segmentation violation with NULL pointers passed
> DS>
> DS> State-Changed-From-To: open->closed
> DS> State-Changed-By: des
> DS> State-Changed-When: Mon May 26 13:53:02 PDT 2003
> DS> State-Changed-Why:
> DS> The bug is in the application that passes NULL to strcmp.
>
> Well, sir, can you please quote me some ISO C89 or another standard
> which allows str*cmp not to care about NULL pointers?
From n869.txt (a text version of a draft of C99):
%%%
7.21 String handling <string.h>
7.21.1 String function conventions
[#1] The header <string.h> declares one type and several
functions, and defines one macro useful for manipulating
arrays of character type and other objects treated as arrays
of character type.245) The type is size_t and the macro is
NULL (both described in 7.17). Various methods are used for
determining the lengths of the arrays, but in all cases a
char * or void * argument points to the initial (lowest
addressed) character of the array. [...]
%%%
NULL doesn't point to an object, so the behavior is undefined (even
for the mem* functions with a count of 0).
Also, the str* functions take args that are pointers to the
first element of a string; a string is a '\0'-terminated array of
char; it is an object so the pointer to the first element of it
cannot be NULL.
I couldn't find where the standard explicitly defines "string". In
7.21.1, it carefully avoids saying "string" since it wants to
permit the possibly-non-'\0'-terminated arrays of char that are
handled by the mem* functions.
Bruce
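
An application-side guard for the situation this message describes, as an added example that is not part of the original e-mail or of FreeBSD's libc. The helper names are hypothetical, and both sorting NULL before every string and treating a NULL buffer as a mismatch are assumed policies.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: total order over possibly-NULL strings. NULL sorts
 * first (assumed policy); strcmp() only ever sees two real strings. */
static int cmp_nullable(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return (a != NULL) - (b != NULL);
    return strcmp(a, b);
}

/* Hypothetical helper: equality test that never hands NULL to memcmp().
 * A NULL argument is undefined even with a count of 0, so the zero-length
 * case is answered before memcmp() could be reached. */
static int memeq_nullable(const void *a, const void *b, size_t n)
{
    if (n == 0)
        return 1;               /* empty ranges are equal */
    if (a == NULL || b == NULL)
        return 0;               /* assumed policy: missing buffer = mismatch */
    return memcmp(a, b, n) == 0;
}

/* qsort() adapter: the array elements are `const char *`, possibly NULL. */
static int cmp_nullable_qsort(const void *pa, const void *pb)
{
    return cmp_nullable(*(const char *const *)pa, *(const char *const *)pb);
}

/* Sorts v in place and returns how many entries are NULL; after the sort
 * they occupy v[0] .. v[result - 1]. */
static size_t sort_and_count_null(const char **v, size_t n)
{
    size_t i = 0;
    qsort(v, n, sizeof *v, cmp_nullable_qsort);
    while (i < n && v[i] == NULL)
        i++;
    return i;
}

int main(void)
{
    const char *v[] = { "beta", NULL, "alpha", NULL }; /* constructed sample */
    size_t nulls = sort_and_count_null(v, 4);
    printf("%zu NULL entries, first string: %s\n", nulls, v[nulls]);
    return 0;
}
```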
