NULL argument to strcmp

[Fred L. Kleinschmidt]

What does the standard say about a NULL value being passed to strcmp?
For example,
static char *s1 = "xxx";
static char *s2=NULL;
int n = strcmp(s1,s2);
Should this be legal, or is it UB?

My HP handles it OK - the man page says it considers NULL values the
same as empty strings.

My Sun Solaris crashes - its man page says nothing about NULL values.

 

[Mike Wahler]

What does the standard say about a NULL value being passed to strcmp?

The behavior is undefined.

For example,
static char *s1 = "xxx";
static char *s2=NULL;
int n = strcmp(s1,s2);
Should this be legal, or is it UB?
UB.


My HP handles it OK - the man page says it considers NULL values the
same as empty strings.

That's an added 'feature' not required by the standard.

My Sun Solaris crashes - its man page says nothing about NULL values.

First note that the behaviors you describe are not inherent to
those systems, but to the C implementations you use on each.

If you want your code to be more robust and portable, check for
and prevent passing a NULL pointer.

if(s1 && s2)
int n = strcmp(s1,s2);
else
puts("What are you doing, Dave?\n"
"My memory is going... I can"
" feeeeel it....");

Of course this is only partial protection, it disallows
NULL pointers, but does not prevent 'garbage' pointers
(e.g. uninitialized or 'free()d').

-Mike

 

[gregg]

Of course this is only partial protection, it disallows
NULL pointers, but does not prevent 'garbage' pointers
(e.g. uninitialized or 'free()d').

How would a free'd pointer be detected, I was wondering ?
(as to uninitialised pointers, they are usually detected by a compiler,
aren't they)

 

[CBFalconer]

What does the standard say about a NULL value being passed to
strcmp? For example,
static char *s1 = "xxx";
static char *s2=NULL;
int n = strcmp(s1,s2);
Should this be legal, or is it UB?

My HP handles it OK - the man page says it considers NULL values
the same as empty strings.

My Sun Solaris crashes - its man page says nothing about NULL
values.

The standard says that null arguments to string functions produce
undefined behaviour. That means that acting as if it were an empty
string is legal. So is crashing with a dull thud. So is launching
an invasion of Iran.

 

[Sniper1]

How would a free'd pointer be detected, I was wondering ?

free(p);
p = NULL;

/* from this point, it's easy to know it's invalid */

 

[Richard Tobin]

My HP handles it OK - the man page says it considers NULL values the
same as empty strings.

In the distant past, many unix programs relied on this behaviour
(often inadvertently), because it worked that way on several systems,
notably VAXes running BSD. This was nothing to do with strcmp()
itself, just the fact that NULL pointers were (as is usual) address 0,
and that address could be read and contained 0.

My Sun Solaris crashes - its man page says nothing about NULL values.

And it was Sun that caused many of them to be fixed, when Sun unix
made page 0 be unmapped.

Several years later, the introduction of shared libraries on Suns
uncovered a lot more bugs in programs that relied on automatic
variables being initialised to 0.

-- Richard

 

[Keith Thompson]

How would a free'd pointer be detected, I was wondering ?

There's no portable way to do that other than carefully keeping track
yourself. The common trick of setting a pointer variable to NULL
after free()ing it doesn't help if there's another copy of the same
pointer value:

int *p = malloc(sizeof *p); /* assume malloc() succeeds */
int *q = p;

...

free(p);
p = NULL;
/*
* At this point, p is a null pointer, but q is still non-null and
* invalid
*/

(as to uninitialised pointers, they are usually detected by a
compiler, aren't they)

Don't count on it. Some compilers may warn you about some attempts to
use an uninitialized variable. Using command line options to increase
the warning level and the optimization level makes this more likely
(the latter because optimization requires more analysis, making some
errors easier to detect).

The bottom line is that you have to be careful. Tricks and compiler
warnings can supplement this, but they can't replace it.

 

[CBFalconer]

How would a free'd pointer be detected, I was wondering ?
(as to uninitialised pointers, they are usually detected by a
compiler, aren't they)

Those both result in undefined behaviour. This includes doing
nothing, handing your daughters over to a pimp, restoring Saddam to
his presidency, etc. C is not Pascal nor Ada, i.e. you are out
amongst the ravening beasts.

 

[Mike Wahler]

How would a free'd pointer be detected, I was wondering ?

There's no language construct to do this, your program must
keep track.

(as to uninitialised pointers, they are usually detected by a compiler,
aren't they)

Again, there's no language construct to do this. A compiler
could indeed be crafted that checks for them, but this is
typically only done in a 'debug mode'.

-Mike

 

[Richard Bos]

free(p);
p = NULL;

/* from this point, it's easy to know it's invalid */

p=malloc(100);

q=p+strlen(HEADER);

free(p);
p=0;

/* At this point, it's easy to mistake q for valid. */

Do your bookkeeping; do not rely on quick-and-dirty tricks.

Richard

 

[Keith Thompson]

Those both result in undefined behaviour. This includes doing
nothing, handing your daughters over to a pimp, restoring Saddam to
his presidency, etc. C is not Pascal nor Ada, i.e. you are out
amongst the ravening beasts.

<OT>
Even in Ada, dereferencing a freed pointer invokes the equivalent of
undefined behavior. I'm not sure whether examining its value does,
but I'm fairly sure there's no portable way to detect an invalid
pointer.
</OT>

 

[Lawrence Kirby]

What does the standard say about a NULL value being passed to strcmp?
For example,
static char *s1 = "xxx";
static char *s2=NULL;
int n = strcmp(s1,s2);
Should this be legal, or is it UB?

It is undefined behaviour.

My HP handles it OK - the man page says it considers NULL values the
same as empty strings.

Remember that man pages document the implementation. GOOD man pages tell
you what parts of that relate to standards and which parts are
implementation extensions. You can't rely on this though, even good ones
are rarely rigorous about every detail of standards conformance.

My Sun Solaris crashes - its man page says nothing about NULL values.

Hence undefined.

Lawrence

 

[Sascha Springer]

p=malloc(100);

q=p+strlen(HEADER);

/* At this point, it's easy to mistake q for valid because p can be
NULL. */

free(p);
p=0;

/* At this point, it's easy to mistake q for valid. */

Do your bookkeeping; do not rely on quick-and-dirty tricks.

Agreed!

Richard

Sascha

 

[Richard Bos]

The standard says that null arguments to string functions produce
undefined behaviour. That means that acting as if it were an empty
string is legal. So is crashing with a dull thud. So is launching
an invasion of Iran.

Surely not? The first two, yes, but certainly the latter is reserved for
implementations employed by paranoid chimps with a room-temperature IQ?

Richard

 

[CBFalconer]

Surely not? The first two, yes, but certainly the latter is
reserved for implementations employed by paranoid chimps with a
room-temperature IQ?

We have a precedent regarding Iraq, which tends to support your
theory.

 

[Keith Thompson]

We have a precedent regarding Iraq, which tends to support your
theory.

I suggest that introducing political discussions into this newsgroup,
particularly involving US foreign policy, is not likely to improve the
signal-to-noise ratio. (I mention this without reference to my own
opinions on the subject.)