Re: NULL passed as an argument to memcmp() in parse_func.c

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Glen Knowles <gknowles(at)ieee(dot)org>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Piotr Stefaniak <postgres(at)piotr-stefaniak(dot)me>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: NULL passed as an argument to memcmp() in parse_func.c
Date: 2015-06-23 16:42:11
Message-ID: 13111.1435077731@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Glen Knowles <gknowles(at)ieee(dot)org> writes:
> It appears that, according to the standard, passing NULL to memcmp is
> undefined behavior, even if the count is 0. See
> http://stackoverflow.com/questions/16362925/can-i-pass-a-null-pointer-to-memcmp
> for C99 and C++ standard references.

Hmm ... looks like that's correct. I had not noticed the introductory
paragraphs. For those following along at home, the relevant text in
C99 is in "7.21.1 String function conventions":

[#2] Where an argument declared as size_t n specifies the
length of the array for a function, n can have the value
zero on a call to that function. Unless explicitly stated
otherwise in the description of a particular function in
this subclause, pointer arguments on such a call shall still
have valid values, as described in 7.1.4. On such a call, a
function that locates a character finds no occurrence, a
function that compares two character sequences returns zero,
and a function that copies characters copies zero
characters.

and the relevant text from 7.1.4 is

[#1] Each of the following statements applies unless
explicitly stated otherwise in the detailed descriptions |
that follow: If an argument to a function has an invalid
value (such as a value outside the domain of the function,
or a pointer outside the address space of the program, or a
null pointer) or a type (after promotion) not expected by a
function with variable number of arguments, the behavior is
undefined.

So it looks like we'd better change it.

I am not sure whether to put in the nargs == 0 test suggested yesterday
or to just insist that callers not pass NULL. A quick grep suggests that
there is only one such caller right now, namely this bit in ruleutils.c:

appendStringInfo(&buf, "EXECUTE PROCEDURE %s(",
generate_function_name(trigrec->tgfoid, 0,
NIL, NULL,
false, NULL, EXPR_KIND_NONE));

You could certainly argue that that's taking an unwarranted shortcut.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2015-06-23 16:50:19 Re: less log level for success dynamic background workers for 9.5
Previous Message Fujii Masao 2015-06-23 16:40:45 Re: pg_rewind failure by file deletion in source server