Date: Thu, 10 Mar 2005 08:18:27 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Dan Allen <danallen46@airwired.net>
Cc: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: Re: kern/78256: strstr could be more robust
Message-ID: <20050310080804.S48960@delplex.bde.org>
In-Reply-To: <16e5d2d5e1683cd7fd3f4c9e8a3da2e3@airwired.net>
References: <200503091418.j29EIP4e033478@freefall.freebsd.org> <16e5d2d5e1683cd7fd3f4c9e8a3da2e3@airwired.net>
On Wed, 9 Mar 2005, Dan Allen wrote:

> On Mar 9, 2005, at 7:18 AM, Gleb Smirnoff wrote:
>> Not a bug, sorry. See also bin/52691.
>
> Why are you so reluctant to add one test to improve robustness? Since it is
> not specified one way or the other in the standard, it will not break
> compatibility with the standard. So it is not a bug technically - you still
> could with a single line of C code improve the robustness of the system. Not
> doing so seems shortsighted.

Adding the test would unimprove robustness (except on systems that don't
trap on null pointers -- then a test, followed by a call to abort() or
signal(), would be needed to give the same behaviour as a null pointer
trap). Aborting a program immediately when undefined behaviour in it is
detected improves robustness by limiting the undefined behaviour to just
halting the program and possibly generating a core dump, and by making
the bug obvious and easy to debug so that it gets fixed.

Bruce
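The two policies under discussion, as an added example that is not part of the thread or of the FreeBSD libc: a minimal strstr() body behind a lenient wrapper (return "not found" for NULL, the PR's proposal) and a fail-fast wrapper (abort(), which is what Bruce describes for systems that do not trap NULL), plus a hypothetical caller whose NULL-haystack bug the lenient variant turns into a plausible-looking answer. All names here are invented for the illustration.

```c
/* Added example, not code from the PR or from libc. Function names are
 * hypothetical. Shows why a quiet NULL check in strstr() hides caller bugs. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal strstr() body: haystack for an empty needle, NULL if not found. */
static const char *scan(const char *hay, const char *needle)
{
    size_t nlen = strlen(needle);
    for (; *hay != '\0'; hay++)
        if (strncmp(hay, needle, nlen) == 0)
            return hay;
    return nlen == 0 ? hay : NULL;
}

/* The PR's proposal: one test, and NULL quietly becomes "not found". */
const char *lenient_strstr(const char *hay, const char *needle)
{
    if (hay == NULL || needle == NULL)
        return NULL;
    return scan(hay, needle);
}

/* Fail-fast policy: on a platform that does not trap NULL dereferences,
 * reproduce the trap explicitly so the core dump points at the caller. */
const char *failfast_strstr(const char *hay, const char *needle)
{
    if (hay == NULL || needle == NULL) {
        fprintf(stderr, "strstr: NULL argument (caller bug)\n");
        abort();
    }
    return scan(hay, needle);
}

typedef const char *(*strstr_fn)(const char *, const char *);

/* Hypothetical caller with a bug: it may hand strstr() a NULL haystack.
 * With lenient_strstr it returns 0 and the bug travels on; with
 * failfast_strstr the program stops here. Overlapping matches are counted. */
int count_occurrences(strstr_fn find, const char *hay, const char *needle)
{
    int n = 0;
    const char *p = find(hay, needle);      /* NULL arguments reach find() */
    while (p != NULL && *p != '\0') {       /* stop at end of haystack */
        n++;
        p = find(p + 1, needle);
    }
    return n;
}
```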
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050310080804.S48960>