Subject: Re: CVS commit: basesrc
To: Jaromir Dolecek <dolecek@ics.muni.cz>
From: Luke Mewburn <lukem@goanna.cs.rmit.edu.au>
List: source-changes
Date: 09/10/1999 09:25:01
Jaromir Dolecek writes:
> Luke Mewburn wrote:
> > check dst and src aren't null pointers before trying to use them
> > enable strlcat/strlcpy
> 
> Please DO NOT check the dst and src whether they are null. Feeding
> NULL pointer to it is a programming error and I strongly prefer
> sigsegving immediately than running into some other problem later.
> Lack of NULL check in libc routines helped me many times to uncover
> the real problem.

I beg to differ. Checking arguments before use is good practice. I've
seen enough cases of obscure behaviour that wasn't just a simple
`core dump' to know that helping the programmer by checking arguments
is worth it.

I feel that this attitude of relying upon a SIGSEGV is actually bad
practice. You may not trigger the bad code immediately in your
testing, and it may be years later before that code is triggered, in
a situation where the user finds themselves with a coredump and not
understanding what went wrong.


I have been working on a project which adds diagnostic checks to a
large number of the system library functions. It actually comprises
two steps:
	a) check the arguments with _DIAGASSERT(), which currently
	   just prints to stderr and syslog if the assertion fails
	b) check the arguments with a normal test, and return an
	   appropriate error value (possibly setting errno too)

I've already found & fixed bugs in sendmail, groff, and tcsh.
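An added illustration of the two-step scheme described in the message (check with a diagnostic assertion, then with a normal test that returns an error and sets errno), written for this page and not taken from NetBSD libc or from the project mentioned above. The macro `CHECKED_DIAGASSERT` and the helper `diag_failure_count()` are stand-ins chosen for the example; the real `_DIAGASSERT` in NetBSD is a different macro that also reports to syslog. The strlcpy/strlcat semantics (always NUL-terminate, return the length the result would have had) are the standard ones.

```c
/* Added example: a NULL-checked strlcpy/strlcat in the style of the
 * two-step diagnostic scheme. Not NetBSD's own code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Counts how many diagnostic assertions have fired, so a caller (or
 * test) can observe step (a) without parsing stderr. Hypothetical
 * bookkeeping, not part of any libc. */
static int diag_failures = 0;

/* Step (a): stand-in for a diagnostic assertion. On failure it reports
 * to stderr and lets the function continue to the normal check. The
 * real NetBSD _DIAGASSERT also writes to syslog. */
#define CHECKED_DIAGASSERT(e)                                         \
    do {                                                              \
        if (!(e)) {                                                   \
            diag_failures++;                                          \
            fprintf(stderr, "%s:%d: assertion \"%s\" failed\n",       \
                    __FILE__, __LINE__, #e);                          \
        }                                                             \
    } while (0)

int diag_failure_count(void) { return diag_failures; }

/* Step (b) follows step (a): a normal test that returns an error value
 * and sets errno, so a NULL argument never reaches memcpy/strlen.
 * On success returns strlen(src), as strlcpy does; on a NULL argument
 * returns (size_t)-1 with errno = EINVAL. */
size_t checked_strlcpy(char *dst, const char *src, size_t size)
{
    CHECKED_DIAGASSERT(dst != NULL);
    CHECKED_DIAGASSERT(src != NULL);
    if (dst == NULL || src == NULL) {
        errno = EINVAL;
        return (size_t)-1;
    }
    size_t srclen = strlen(src);
    if (size != 0) {
        /* Copy at most size-1 bytes and always NUL-terminate. */
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Same scheme for strlcat. Returns strlen(dst) + strlen(src) (or
 * size + strlen(src) if dst was not terminated within size) so the
 * caller can detect truncation by comparing against size. */
size_t checked_strlcat(char *dst, const char *src, size_t size)
{
    CHECKED_DIAGASSERT(dst != NULL);
    CHECKED_DIAGASSERT(src != NULL);
    if (dst == NULL || src == NULL) {
        errno = EINVAL;
        return (size_t)-1;
    }
    /* Bounded scan for the existing terminator; never reads past size. */
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    size_t srclen = strlen(src);
    if (dstlen == size)
        return size + srclen;     /* dst unterminated: nothing appended */
    size_t room = size - dstlen - 1;
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;
}

int main(void)
{
    char buf[8];
    /* Truncation is reported through the return value, not a crash. */
    size_t want = checked_strlcpy(buf, "hello, world", sizeof buf);
    if (want >= sizeof buf)
        printf("truncated to \"%s\" (needed %zu)\n", buf, want + 1);
    /* A NULL argument fires the diagnostic and returns an error. */
    errno = 0;
    if (checked_strlcpy(NULL, "x", 1) == (size_t)-1)
        printf("NULL dst rejected: errno=%d, diagnostics=%d\n",
               errno, diag_failure_count());
    return 0;
}
```

A caller that checks the return value gets the error at the point of misuse, with the diagnostic line naming the failed expression; a caller that ignores it still avoids the dereference, which is the trade-off the message argues for over an immediate SIGSEGV.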