bin/52691: str[n][case]cmp may cause segmentation violationwith
NULL pointers passed
bde at zeta.org.au
Tue May 27 03:02:14 PDT 2003
On Tue, 27 May 2003, Seva Gluschenko wrote:
> Message of Dag-Erling Smorgrav at May 26 13:53 ...
> DS> Synopsis: str[n][case]cmp may cause segmentation violation with NULL pointers passed
> DS> State-Changed-From-To: open->closed
> DS> State-Changed-By: des
> DS> State-Changed-When: Mon May 26 13:53:02 PDT 2003
> DS> State-Changed-Why:
> DS> The bug is in the application that passes NULL to strcmp.
> Well, sir, can you please quote me some ISO C89 or another standard
> which allows str*cmp not to care about NULL pointers?
>From n869.txt (a text version of a draft of C99):
7.21 String handling <string.h>
7.21.1 String function conventions
[#1] The header <string.h> declares one type and several
functions, and defines one macro useful for manipulating
arrays of character type and other objects treated as arrays
of character type.245) The type is size_t and the macro is
NULL (both described in 7.17). Various methods are used for
determining the lengths of the arrays, but in all cases a
char * or void * argument points to the initial (lowest
addressed) character of the array. [...]
NULL doesn't point to an object, so the behavior is undefined (even
for the mem* functions with a count of 0).
Also, the str* functions take args that are are pointers to the
first element of a string; a string is a '\0'-terminated array of
char; it is an object so the pointer to the first element of it
cannot be NULL.
I couldn't find where the standard explicitly defines "string". In
7.21.1, it carefully avoids saying "string" since it wants to
permit the possibly-non-'\0'-terminated arrays of char that are
handled by the mem* functions.
More information about the freebsd-bugs