NULL to strlen function


jaysome

struct Struct *astruct = NULL;

suddenly this becomes a valid parameter to strcmp comparing equal to ""

It does not happen so suddenly. If you have some contrived code like
the following:

#include <string.h>
int main(void)
{
    struct Struct *astruct = NULL;
    (void)strcmp(astruct,"");
    return 0;
}

then it should not even compile, under Standard C.

The Standard C function strcmp() has a prototype whose first argument
is of type const char *. The above code passes an object of type
struct Struct * as its first argument to strcmp(). The types const
char * and struct Struct * are not compatible (meaning that there is
no implicit conversion between the two), and a Standard C-compliant
compiler MUST reject such an incompatibility.

Some might think that a simple "fix" is to explicitly convert astruct
to type const char * or just char *:

#include <string.h>
int main(void)
{
    struct Struct *astruct = NULL;
    (void)strcmp((char *)astruct,"");
    return 0;
}

Never, ever, do this type of thing under these circumstances.
Silencing compiler warnings or errors with explicit casts can get you
into real, terrible, trouble.

Best regards
 

Richard Bos

Stephen Sprunk said:
Interesting. My intuition would be that -- assuming that the call
doesn't segfault -- it'd compare equal. That's the more logical thing
to me, since novice programmers don't see a difference between NULL and
"", and certain things get a lot simpler if you require that to be true.

Database developers burst out in tears.

FYI, there's a world of difference between "there's no valid data for
this item (yet)" and "the valid data for this item is blank".

Richard
 

Stephen Sprunk

Richard Bos said:
Database developers burst out in tears.

FYI, there's a world of difference between "there's no valid data for
this item (yet)" and "the valid data for this item is blank".

If the caller cares about the distinction, they could always use == to
test the two arguments before passing them to strcmp(). Presently, one
must test both arguments against NULL anyways before calling strcmp()
because failing to do so may cause a crash. What I suggest reduces the
amount of work for most folks and makes it no worse for the rest.

S
 

Richard Tobin

Stephen Sprunk said:
Presently, one
must test both arguments against NULL anyways before calling strcmp()
because failing to do so may cause a crash.

This is only needed if there is some possibility that one of them
might be null, which is almost never the case in my code. And if I
were writing a library function that passed one of its arguments to
strcmp(), then I would only test it if the function was supposed to
accept null; if not then I would leave it to strcmp() to crash.

In effect I rely on something the C standard doesn't guarantee: that
strcmp() *will* crash if I make the mistake of giving it a null
argument, rather than producing some result. This is a
quality-of-implementation issue.

-- Richard
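
The three NULL-handling policies argued over in the posts above, side by side, as an added example that is not code from any poster. The function names and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Policy 1 (the proposal in the thread): a null pointer is treated as "". */
static int cmp_null_as_empty(const char *a, const char *b)
{
    return strcmp(a ? a : "", b ? b : "");
}

/* Policy 2 (the database view): a null pointer means "no value" and is
 * distinct from "". It sorts before every string; two nulls compare equal. */
static int cmp_null_distinct(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return (a != NULL) - (b != NULL);
    return strcmp(a, b);
}

/* Policy 3 (null is a caller bug): report it deterministically instead of
 * relying on strcmp() crashing, which the C standard does not guarantee.
 * Returns 0 and stores the ordering in *result, or -1 on a null argument. */
static int cmp_strict(const char *a, const char *b, int *result)
{
    if (a == NULL || b == NULL)
        return -1;              /* *result is left untouched */
    *result = strcmp(a, b);
    return 0;
}

int main(void)
{
    const char *missing = NULL; /* constructed sample: field never set */
    const char *blank = "";     /* constructed sample: field set to empty */
    int order = 0;

    printf("null-as-empty: %d\n", cmp_null_as_empty(missing, blank));
    printf("null-distinct: %d\n", cmp_null_distinct(missing, blank));
    if (cmp_strict(missing, blank, &order) != 0)
        puts("strict: rejected null argument");
    return 0;
}
```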
 

Charles Richmond

CBFalconer said:
To be slightly more accurate, strlen expects a pointer to a
string. Does NULL point to a string?

No...but a pointer to a NUL byte points to a zero-length
string... ;-)
 
