tech-kern archive
Re: NULL pointer arithmetic issues
>>> char *lp = p->s;
>>> if (p == NULL || lp == NULL) {
>> This code is, and always has been, broken; it is accessing p->s
>> before it knows that p isn't nil.
> How do you know for sure?
> What if all calls to foo() are written as such:
> if (p) foo(p);
The code is still broken: it implies, with its test of p, that it's
supposed to be tolerant of p being nil - which it isn't. Even if none
of the extant calls point up that problem.
Of course, this was supposed to be security/safety-sensitive code,
right? So naturally it has an interface contract. What does that
specify for the case where p is nil? If it specifies that such calls
are erroneous, then the code is just sloppy and misleading (which I
suppose could be considered brokenness at a different level), but I
_still_ don't want whoever wrote it anywhere near anything
security/safety-sensitive I'm using.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
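The dereference-before-test pattern quoted above, beside the ordering that actually honours the test, as an added C example that is not code from the thread; the struct, field and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed type for the example; "s" stands in for the p->s field
 * being discussed in the thread. */
struct pkt {
    const char *s;
};

/* The pattern criticised in the thread: p->s is read before p is tested.
 * If p is NULL that read is undefined behaviour, and a compiler is entitled
 * to conclude from the dereference that p != NULL and delete the later
 * "p == NULL" test altogether (GCC/Clang only keep such tests under
 * -fno-delete-null-pointer-checks). The test therefore protects nothing. */
static int foo_broken(const struct pkt *p)
{
    const char *lp = p->s;            /* dereference happens here      */
    if (p == NULL || lp == NULL)      /* too late to guard the line above */
        return -1;
    return (unsigned char)lp[0];
}

/* Hardened ordering: establish that p is valid before touching it. This is
 * what the "tolerant of p being nil" contract would actually require. */
static int foo_fixed(const struct pkt *p)
{
    if (p == NULL)
        return -1;
    const char *lp = p->s;            /* only reached with p != NULL */
    if (lp == NULL)
        return -1;
    return (unsigned char)lp[0];
}

/* Constructed sample inputs: one with a string, one with a NULL string. */
static const struct pkt sample_ok    = { "x" };
static const struct pkt sample_nostr = { NULL };

int main(void)
{
    /* Only the fixed version can be called with NULL without UB. */
    printf("fixed(NULL)   = %d\n", foo_fixed(NULL));
    printf("fixed(ok)     = %d\n", foo_fixed(&sample_ok));
    printf("fixed(nostr)  = %d\n", foo_fixed(&sample_nostr));
    printf("broken(ok)    = %d\n", foo_broken(&sample_ok));
    printf("broken(nostr) = %d\n", foo_broken(&sample_nostr));
    return 0;
}
```

Building the broken variant with warnings enabled (e.g. -Wall with a recent GCC or Clang) typically reports the null-check-after-dereference, which is the cheapest way to catch this ordering in review.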