Source-Changes archive


Re: CVS commit: basesrc

Jaromir Dolecek writes:
> Luke Mewburn wrote:
> > check dst and src aren't null pointers before trying to use them
> > enable strlcat/strlcpy
> Please DO NOT check the dst and src whether they are null. Feeding
> NULL pointer to it is a programming error and I strongly prefer
> sigsegving immediately than running into some other problem later.
> Lack of NULL check in libc routines helped me many times to uncover
> the real problem.

I beg to differ. Checking arguments before use is good practice. I've
seen enough cases of obscure behaviour that wasn't just a simple
`core dump' to know that helping the programmer by checking arguments
is worth it.

I feel that this attitude of relying upon a SIGSEGV is actually bad
practice. You may not trigger the bad code immediately in your
testing, and it may be years later before that code is triggered, in
a situation where the user finds themselves with a coredump and not
understanding what went wrong.

I have been working on a project which adds diagnostic checks to a
large number of the system library functions. It actually comprises
two steps:
        a) check the arguments with _DIAGASSERT(), which currently
           just prints to stderr and syslog if the assertion fails
        b) check the arguments with a normal test, and return an
           appropriate error value (possibly setting errno too)

I've already found & fixed bugs in sendmail, groff, and tcsh.
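The two-step scheme described in the message above, as an added example that is not code from the original post or from NetBSD's libc: a hypothetical checked_strlcpy() that first raises a diagnostic (EXAMPLE_DIAGASSERT stands in for _DIAGASSERT and only prints to stderr; the syslog half is omitted) and then, as the separate hard check, returns (size_t)-1 with errno set to EINVAL instead of dereferencing a NULL argument. The copy loop itself follows the usual strlcpy contract (return strlen(src), truncation when the return value is >= dsize). The function name, the macro name and the failure counter are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Counter so a caller can observe that a diagnostic fired; stderr output
 * alone is hard to check programmatically. Assumed for this example. */
static int diag_failures = 0;

/* Stand-in for _DIAGASSERT as described in the post: report the failed
 * check (here to stderr only; the real one also uses syslog) and carry on.
 * Step (a): it never aborts and never changes the function's result. */
#define EXAMPLE_DIAGASSERT(e)                                             \
    do {                                                                  \
        if (!(e)) {                                                       \
            diag_failures++;                                              \
            fprintf(stderr, "%s:%d: assertion \"%s\" failed\n",           \
                    __FILE__, __LINE__, #e);                              \
        }                                                                 \
    } while (0)

int diag_failure_count(void)
{
    return diag_failures;
}

/* Hypothetical checked strlcpy. Returns strlen(src) on success (so a
 * result >= dsize means the copy was truncated), or (size_t)-1 with
 * errno = EINVAL when dst or src is NULL. */
size_t checked_strlcpy(char *dst, const char *src, size_t dsize)
{
    /* Step (a): loud diagnostic for the programming error. */
    EXAMPLE_DIAGASSERT(dst != NULL);
    EXAMPLE_DIAGASSERT(src != NULL);

    /* Step (b): ordinary test that turns the error into a return value
     * instead of a SIGSEGV somewhere inside the copy loop. */
    if (dst == NULL || src == NULL) {
        errno = EINVAL;
        return (size_t)-1;
    }

    const char *s = src;
    size_t n = dsize;

    /* Copy at most dsize-1 bytes, stopping at the terminating NUL. */
    if (n != 0) {
        while (--n != 0) {
            if ((*dst++ = *s++) == '\0')
                break;
        }
    }

    /* Ran out of room: NUL-terminate (if there was any room at all) and
     * walk the rest of src so the full source length can be returned. */
    if (n == 0) {
        if (dsize != 0)
            *dst = '\0';
        while (*s++)
            ;
    }

    return (size_t)(s - src - 1);
}

/* Exercises the normal, truncating and NULL-argument paths. Returns 1 if
 * every path behaved as documented above, 0 otherwise. */
int demo(void)
{
    char buf[8];

    /* Constructed inputs for the demonstration. */
    if (checked_strlcpy(buf, "hi", sizeof buf) != 2 || strcmp(buf, "hi") != 0)
        return 0;
    if (checked_strlcpy(buf, "hello, world", sizeof buf) != 12 ||
        strcmp(buf, "hello, ") != 0)
        return 0;
    errno = 0;
    if (checked_strlcpy(NULL, "x", 0) != (size_t)-1 || errno != EINVAL)
        return 0;
    errno = 0;
    if (checked_strlcpy(buf, NULL, sizeof buf) != (size_t)-1 || errno != EINVAL)
        return 0;
    return 1;
}

int main(void)
{
    printf("demo %s, %d diagnostic(s) raised\n",
           demo() ? "ok" : "FAILED", diag_failure_count());
    return 0;
}
```

Note that the ordering matters: the diagnostic fires first so the developer sees the real cause, while the hard check keeps a production build from turning a NULL argument into a crash in whichever caller happens to be holding it years later.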
