references to dereferenced null pointers

Karl Heuer karl at haddock.ima.isc.com
Thu Mar 15 11:23:33 AEST 1990


In article <1990Mar14.164539.23685 at utzoo.uucp> henry at utzoo.uucp (Henry Spencer) writes:
>There is absolutely nothing wrong with having a pointer representation in
>which the bit pattern for a null pointer is not all zeros... except that
>there are a lot of old, badly-written programs which will break.  Thus my
>earlier comment that it is valid but unwise.

Note that "p = 0", "p == 0", "!p", "char *f() { return 0; }" are *not*
examples of such badly-written code; they may be bad style, but the compiler
is required to generate correct code involving a true null pointer.  The only
"dangerous" context (other than hacking with unions and such) is when a null
pointer constant is being passed as an argument to a function.  (In C++ and
ANSI C, any argument not covered by a prototype.  In old C, any function
argument at all.)  In particular, neither of the two calls
	execl("/bin/sh", "sh", "-i", 0);
	execl("/bin/sh", "sh", "-i", NULL);
is correct; it should be written as either of
	execl("/bin/sh", "sh", "-i", (char *)0);
	execl("/bin/sh", "sh", "-i", (char *)NULL);

But this problem can occur even without strange null pointers: such sloppy
code will already break on certain implementations where pointers and ints
have different lengths.

Karl W. Z. Heuer (karl at ima.ima.isc.com or harvard!ima!karl), The Walking Lint
Followups to comp.lang.c.
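
An added example, not part of the original post: a hypothetical execl-style variadic function, count_args, called with the cast terminator the post recommends, plus a byte-level model of why an uncast 0 fails where int is narrower than char *. The function names, the 0xFF fill, and the assumption that the null pointer is all-bits-zero on the machine running it are mine.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* GCC and Clang can warn when a call to a function marked this way does not
 * end in a null pointer; other compilers ignore the macro. */
#if defined(__GNUC__)
#define NULL_TERMINATED __attribute__((sentinel))
#else
#define NULL_TERMINATED
#endif

/* Hypothetical execl-style helper: counts the char * arguments that follow
 * `first`, stopping at the terminating null pointer. */
NULL_TERMINATED
static int count_args(const char *first, ...)
{
    va_list ap;
    int n = 0;

    va_start(ap, first);
    while (va_arg(ap, char *) != NULL)   /* the callee always fetches a char * */
        n++;
    va_end(ap);
    return n;
}

/* Model, not a real ABI: an argument slot as wide as a char *, holding stale
 * 0xFF bytes, into which the caller stores only an int 0. Returns 1 if the
 * callee would read a null pointer back, 0 if stale bytes leak into it.
 * Assumes the null pointer is all-bits-zero on this machine. */
static int int_zero_reads_as_null(void)
{
    unsigned char slot[sizeof(char *)];
    char *p;
    int zero = 0;
    size_t n = sizeof zero < sizeof slot ? sizeof zero : sizeof slot;

    memset(slot, 0xFF, sizeof slot);     /* constructed stale contents */
    memcpy(slot, &zero, n);              /* what passing a bare 0 writes */
    memcpy(&p, slot, sizeof p);          /* what va_arg(ap, char *) reads */
    return p == NULL;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(char *)=%zu\n", sizeof(int), sizeof(char *));
    printf("arguments before terminator: %d\n",
           count_args("/bin/sh", "sh", "-i", (char *)0));
    printf("int 0 fills a pointer slot: %s\n",
           int_zero_reads_as_null() ? "yes" : "no");
    return 0;
}
```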
