Date: Tue, 27 May 2003 12:57:25 +0400 (MSD)
From: Seva Gluschenko <gvs@rinet.ru>
To: Peter Pentchev <roam@ringlet.net>
Cc: Dag-Erling Smorgrav <des@FreeBSD.org>
Subject: Re: bin/52691: str[n][case]cmp may cause segmentation violation with NULL pointers passed
Message-ID: <20030527124544.Q33922@road.demos.su>
In-Reply-To: <20030527083139.GA513@straylight.oblivion.bg>
References: <200305262053.h4QKr3GB026031@freefall.freebsd.org> <20030527083139.GA513@straylight.oblivion.bg>
Message of Peter Pentchev at May 27 11:31 ...

PP> > DS> The bug is in the application that passes NULL to strcmp.
PP> > Well, sir, can you please quote me some ISO C89 or another standard
PP> > which allows str*cmp not to care about NULL pointers?
PP> I think that in this case, the burden just might be on the programmer;
PP> with all due respect, could you quote any part of the standard that
PP> specifies that str[n]cmp behaves in a special way about NULL pointers?
PP> In my experience, such behavior is usually explicitly documented, such
PP> as the EBADF or EINVAL error returns from select(2), under an 'ERRORS'
PP> or similar section of the standard. The SUSv3 description of
PP> strncmp(3), available online for a free registration at
PP> http://www.unix-systems.org/single_unix_specification/, does not seem to
PP> mention NULL pointers or error conditions anywhere, except for the 'no
PP> errors are defined' sentence in the 'ERRORS' section.

Well, they aren't mentioned, really. But which programmer exactly must carry that burden: the one who passes NULL pointers to str*cmp (as long as they really are NOT mentioned, can one suppose it IS safe?), or the one who uses NULL pointers as if they weren't NULL (inside str*cmp) and thus breaks any idea of programming style etc.?

If I wasn't clear, the question is: who carries responsibility for checking pointers, the one who passes them or the one who uses them?

The first answer of course satisfies those who wrote that code years ago, because they needn't worry about cleaning up their code now. The second answer makes more sense to me, however: one MUST care about the pointers he uses if he wants non-exploitable and non-crashable code. If he refuses such a responsibility and wants to write dirty and blind code, he MUST document it, saying "these functions will crash when NULL pointers are passed".

Not every man on Earth has the time and patience and the source code of library functions to check them out and to write test patterns proving the behaviour. If it claims to be a library, it MUST be clear.

SY, Seva Gluschenko, just a stranger on The Road.
Demos-Internet NOC | GVS-RIPE | GVS3-RIPN
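The two positions in the thread can be made concrete. Neither ISO C nor SUSv3 assigns any meaning to str[n]cmp with a NULL argument, so libc is entitled to dereference it and fault; the check therefore has to live on the caller's side. The following is an added example, not code from this thread or from FreeBSD libc: a NULL-tolerant wrapper with its ordering rule written down (NULL sorts before every string, two NULLs compare equal; that rule is this example's own assumption), plus a constructed lookup table standing in for the kind of function whose "not found" result is the NULL that ends up reaching strcmp.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not FreeBSD libc. strcmp(NULL, x) is undefined by the
 * standard, so the caller must check. This wrapper documents one chosen
 * ordering (an assumption of this example): NULL < any string, and
 * NULL == NULL. Callers that want a different rule should write their own.
 */
static int safe_strcmp(const char *a, const char *b)
{
    if (a == NULL || b == NULL) {
        if (a == b)
            return 0;                   /* both NULL: equal */
        return (a == NULL) ? -1 : 1;    /* NULL sorts first */
    }
    return strcmp(a, b);                /* both valid: plain libc semantics */
}

/* Same rule for the length-bounded variant. */
static int safe_strncmp(const char *a, const char *b, size_t n)
{
    if (a == NULL || b == NULL) {
        if (a == b)
            return 0;
        return (a == NULL) ? -1 : 1;
    }
    return strncmp(a, b, n);
}

/*
 * Constructed sample table (not real data). A missing key returns NULL,
 * which is exactly how a NULL reaches str*cmp in real programs.
 */
static const char *lookup(const char *key)
{
    static const char *const keys[] = { "user", "shell" };
    static const char *const vals[] = { "roam", "/bin/sh" };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        if (strcmp(keys[i], key) == 0)
            return vals[i];
    return NULL;
}

/*
 * Caller-side check. Writing strcmp(lookup("shell"), want) here would be
 * undefined behaviour whenever "shell" is absent; the wrapper makes the
 * absent case a defined "not equal" instead of a segmentation violation.
 */
static int shell_is(const char *want)
{
    return safe_strcmp(lookup("shell"), want) == 0;
}

int main(void)
{
    printf("shell is /bin/sh:     %d\n", shell_is("/bin/sh"));
    printf("home (missing) == /home: %d\n",
           safe_strcmp(lookup("home"), "/home") == 0);
    printf("NULL vs NULL:         %d\n", safe_strcmp(NULL, NULL));
    printf("NULL vs \"a\":          %d\n", safe_strcmp(NULL, "a"));
    return 0;
}
```

The point of the wrapper is not that libc should behave this way, but that whichever side owns the check must say so in writing: here the ordering rule is in the comment above the function, which is the documentation the message above asks for.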