Re: CVS commit: basesrc
Jaromir Dolecek writes:
> Luke Mewburn wrote:
> > check dst and src aren't null pointers before trying to use them
> > enable strlcat/strlcpy
> Please DO NOT check the dst and src whether they are null. Feeding
> NULL pointer to it is a programming error and I strongly prefer
> sigsegving immediately than running into some other problem later.
> Lack of NULL check in libc routines helped me many times to uncover
> the real problem.
I beg to differ. Checking arguments before use is good practice. I've
seen enough cases of obscure behaviour that wasn't just a simple
`core dump' to know that helping the programmer by checking arguments
is worth it.
I feel that this attitude of relying upon a SIGSEGV is actually bad
practice. You may not trigger the bad code immediately in your
testing, and it may be years later before that code is triggered, in
a situation where the user finds themselves with a coredump and not
understanding what went wrong.
I have been working on a project which adds diagnostic checks to a
large number of the system library functions. It actually comprises
two steps:
a) check the arguments with _DIAGASSERT(), which currently
just prints to stderr and syslog if the assertion fails
b) check the arguments with a normal test, and return an
appropriate error value (possibly setting errno too)
I've already found & fixed bugs in sendmail, groff, and tcsh.
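The two-step pattern described in the message above, written out as an added example that is not code from the NetBSD tree: step (a) is a stderr-only stand-in for _DIAGASSERT() that reports but does not abort, step (b) is the ordinary check that returns an error value and sets errno. The wrapper name diag_strlcpy and the convention of returning 0 with errno set to EINVAL on a NULL argument are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Step (a): diagnostic assertion that reports but does not abort.
 * Stand-in for NetBSD's _DIAGASSERT(); this version only prints to
 * stderr (the real one also reports via syslog). */
#define DIAG_ASSERT(e)                                                    \
    ((e) ? (void)0                                                        \
         : (void)fprintf(stderr, "%s:%d: diagnostic assertion \"%s\" failed\n", \
                         __FILE__, __LINE__, #e))

/* Step (b): a normal run-time check that returns an error value and sets
 * errno, so a NULL argument is reported instead of dereferenced.
 * Hypothetical wrapper (not libc's strlcpy): returns strlen(src) on
 * success, like strlcpy; on a NULL dst or src it returns 0 and sets
 * errno to EINVAL, a convention chosen for this example. */
size_t diag_strlcpy(char *dst, const char *src, size_t siz)
{
    DIAG_ASSERT(dst != NULL);
    DIAG_ASSERT(src != NULL);
    if (dst == NULL || src == NULL) {
        errno = EINVAL;
        return 0;
    }
    /* strlcpy body: copy at most siz-1 bytes and always NUL-terminate
     * when siz > 0; the return value tells the caller if truncation
     * happened (result >= siz). */
    size_t srclen = strlen(src);
    if (siz != 0) {
        size_t n = srclen < siz - 1 ? srclen : siz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

int main(void)
{
    char buf[8];
    size_t r = diag_strlcpy(buf, "hello, world", sizeof buf);
    printf("copied \"%s\", src length %zu, truncated=%d\n", buf, r, r >= sizeof buf);
    errno = 0;
    r = diag_strlcpy(buf, NULL, sizeof buf);  /* prints the diagnostic, returns 0 */
    printf("NULL src: returned %zu, errno=%d (EINVAL=%d)\n", r, errno, EINVAL);
    return 0;
}
```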