Fwd: strdup(NULL) supposed to create SIGSEGV?

Kostik Belousov kostikbel at gmail.com
Wed Apr 23 12:03:49 UTC 2008


On Wed, Apr 23, 2008 at 02:19:53AM -0700, Garrett Cooper wrote:
> On Wed, Apr 23, 2008 at 1:30 AM, Bernard van Gastel <bvgastel at bitpowder.com> wrote:
> 
> >
> > Op 23 apr 2008, om 08:50 heeft Mike Meyer het volgende geschreven:
> >
> > > On Tue, 22 Apr 2008 22:40:21 -0700
> > > "Garrett Cooper" <yanefbsd at gmail.com> wrote:
> > >
> > > >    Hi all,
> > > >    I made an oops in a program, which uncovered "feature" in strdup(2)
> > > > that I wasn't aware of before. So I was wondering, is strdup(pointer = NULL)
> > > > supposed to segfault should this just return NULL and set errno?
> > > >
> > >
> > > Yes, it's supposed to segfault. Check out what, say, strcpy does if
> > > you ask it to copy a NULL pointer. And this is an improvement from the
> > > bad old days, when they would happily walk through memory starting at
> > > 0.....
> > >
> >
> > I don't like it this way. I would like:
> >
> > strdup(NULL) = NULL
> > strdup(string) = copy of string
> >
> > strcpy(NULL, NULL) = NULL
> > strcpy(s1, NULL) = ERROR
> > strcpy(NULL, s2) = NULL (with s2 unchanged)
> > strcpy(s1, s2) = normal
> >
> > But I am not sure of the implications. Maybe in some situation it is
> > bad... Anyone?
> >
> >
> > > Besides, errno is used to signal errors from system calls. strdup
> > > isn't a system call, it's a library function (says so at the top of
> > > the man page).
> > >
> >
> > But strdup uses malloc, which is a system call (from the strdup manual: If
> > insufficient memory is available, NULL is returned and errno is set to
> > ENOMEM.)
> >
> > Regards,
> >        Bernard
> >
> >
> I was more concerned about the fact that there wasn't any documentation that
> said something -- either implicitly or explicitly -- that strdup(NULL)
> causes a segfault.
> 
> Of course I did some more research after you guys gave me some replies and
> realized I'm not the first person to bumble across this fact, but I haven't
> found FreeBSD or Linux documentation supporting that errata. It was harmless
> in my tiny program, but I would hate to be someone adding that assumption to
> a larger project with multiple threads and a fair number of lines...
> 
> *shrugs*.
> 
> -Garrett
> 
> PS I'm as much against POLA changes as the next guy. I just don't like
> shooting myself in the foot too terribly much :).

From the ISO/IEC 9899:1999 (E), 7.1.4, clause 1
Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow: If an argument to
a function has an invalid value (such as a value outside the domain of
the function, or a pointer outside the address space of the program,
or a null pointer, or a pointer to non-modifiable storage when the
corresponding parameter is not const-qualified) or a type (after
promotion) not expected by a function with variable number of arguments,
the behavior is undefined.
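As an added example, not code from any message in this thread and not FreeBSD's libc: the standard text above means a caller cannot rely on strdup(NULL) either crashing or returning NULL. A project that wants the defined behaviour Bernard asks for has to provide it in its own wrapper. The wrapper name strdup_or_null and the choice of EINVAL for the NULL case are assumptions made here; ENOMEM for allocation failure is what malloc already reports.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not libc's strdup): gives strdup(NULL) a defined
 * result instead of the undefined behaviour C99 7.1.4 leaves it with.
 * Convention chosen for this example: NULL input -> NULL result, errno = EINVAL. */
char *strdup_or_null(const char *s)
{
    if (s == NULL) {
        errno = EINVAL;   /* distinguishes a bad argument from ENOMEM */
        return NULL;
    }
    size_t len = strlen(s) + 1;          /* include the terminating NUL */
    char *copy = malloc(len);
    if (copy == NULL)
        return NULL;                     /* malloc has already set errno = ENOMEM */
    memcpy(copy, s, len);
    return copy;
}

/* Returns 1 if the wrapper produced a separate, byte-equal copy of s, else 0. */
int copy_is_independent(const char *s)
{
    char *c = strdup_or_null(s);
    int ok = (c != NULL && c != s && strcmp(c, s) == 0);
    free(c);                             /* free(NULL) is defined, unlike strdup(NULL) */
    return ok;
}

int main(void)
{
    errno = 0;
    char *p = strdup_or_null(NULL);      /* defined: NULL, errno = EINVAL */
    printf("strdup_or_null(NULL) -> %p, errno = %s\n", (void *)p, strerror(errno));

    const char *sample = "constructed sample string";
    printf("independent copy of sample: %d\n", copy_is_independent(sample));
    return 0;
}
```

Callers that want the crash-early behaviour Mike describes can replace the EINVAL branch with abort(); the point is that the choice is made explicitly in the program rather than left to whatever libc happens to do.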
