tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NULL pointer arithmetic issues

>>> 		char *lp = p->s;
>>> 		if (p == NULL || lp == NULL) {
>> This code is, and always has been, broken; it is accessing p->s
>> before it knows that p isn't nil.
> How do you know for sure?
> What if all calls to foo() are written as such:
> 	if (p) foo(p);

The code is still broken: it implies, with its test of p, that it's
supposed to be tolerant of p being nil - which it isn't.  Even if none
of the extant calls point up that problem.

Of course, this was supposed to be security/safety-sensitive code,
right?  So naturally it has an interface contract.  What does that
specify for the case where p is nil?  If it specifies that such calls
are erroneous, then the code is just sloppy and misleading (which I
suppose could be considered brokenness at a different level), but I
_still_ don't want whoever wrote it anywhere near anything
security/safety-sensitive I'm using.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index