Vincent Lefevre wrote, on 10 Sep 2024:
>
> On 2024-09-10 12:31:24 +0100, Geoff Clare via austin-group-l at The Open
> Group wrote:
> > I think what the C standard says for <string.h> is just a reminder
> > that the general rule about invalid arguments still applies even in
> > the case when a length of zero is specified. The actual requirements
> > relating to invalid arguments are in 7.1.4 in C23 and XSH 2.1.1 in
> > POSIX.1-2024.
> >
> > The POSIX text is:
> >
> >     If an argument to a function has an invalid value, such as a value
> >     outside the domain of the function, a pointer to an object whose
> >     lifetime has ended (even if a new object now has the same address),
> >     a pointer outside the address space of the program, or a null
> >     pointer, the behavior is undefined.
> >
> > This forbids passing a null pointer to strnlen() (regardless of what
> > the given length is) since there is no explicit statement that a null
> > pointer is allowed. Compare with strxfrm() where the description
> > says "If n is 0, s1 is permitted to be a null pointer."
>
> OK. Then what about free(NULL)?
>
> Note that
>
>   https://pubs.opengroup.org/onlinepubs/9799919799/functions/free.html
>
> documents the behavior on the null pointer, but has no text to *allow*
> it, exactly like the strnlen(0,0) case (where the description is
> sufficient to determine the behavior if this case is allowed).

I can see that my earlier statement was a bit misleading. There doesn't need to be an explicit statement that passing a null pointer is allowed, just something that overrides that quoted text from 2.1.1. The relevant part of 2.1.1 is of the form "unless explicitly stated otherwise ... the behavior is undefined". Any text that defines the behaviour for a null pointer is sufficient to override this.

-- 
Geoff Clare <[email protected]>
The Open Group, Apex Plaza, Forbury Road, Reading, RG1 1AX, England
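
The three cases discussed in this thread, as an added C example that is not part of either message: strnlen() gets a null guard because nothing in its description defines a null argument, while strxfrm() with n == 0 and free() are called with a null pointer because their descriptions define that case. The helper names `bounded_len`, `xfrm_dup` and `release` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#endif
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper, not a POSIX interface. strnlen() has no text
 * defining a null argument, so XSH 2.1.1 makes strnlen(NULL, 0)
 * undefined. The wrapper defines the null case itself and never
 * forwards a null pointer, whatever maxlen is. */
size_t bounded_len(const char *s, size_t maxlen)
{
    if (s == NULL)
        return 0;
    return strnlen(s, maxlen);
}

/* strxfrm() states "If n is 0, s1 is permitted to be a null pointer",
 * which overrides 2.1.1. That makes the size query below well defined.
 * Returns a malloc()ed transformed copy of src, or NULL on failure. */
char *xfrm_dup(const char *src)
{
    if (src == NULL)              /* s2 has no such permission */
        return NULL;
    size_t need = strxfrm(NULL, src, 0);
    char *dst = malloc(need + 1);
    if (dst == NULL)
        return NULL;
    if (strxfrm(dst, src, need + 1) != need) {
        free(dst);
        return NULL;
    }
    return dst;
}

/* free() defines its behaviour for a null pointer (no action occurs),
 * so no guard is needed and a repeated release is harmless. */
void release(char **p)
{
    free(*p);
    *p = NULL;
}
```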
