Eric Blake <[EMAIL PROTECTED]> writes:
> I think that it is a bug to attach the nonnull attribute to
> memcmp parameters (for the very reason that a compare of 0
> bytes should not dereference the pointer, so passing NULL is
> not necessarily a bug).
I am not sure that passing a null pointer to memcmp is valid even
if the number of bytes to compare is zero.
C99 7.21.1 "String function conventions" says, in part:
Where an argument declared as size_t n specifies the length
of the array for a function, n can have the value zero on a
call to that function. Unless explicitly stated otherwise
in the description of a particular function in this
subclause, pointer arguments on such a call shall still have
valid values, as described in 7.1.4.
C99 7.1.4 says explicitly that a null pointer is an invalid
value:
Each of the following statements applies unless explicitly
stated otherwise in the detailed descriptions that follow:
If an argument to a function has an invalid value (such as a
value outside the domain of the function, or a pointer
outside the address space of the program, or a null pointer,
or a pointer to non-modifiable storage when the
corresponding parameter is not const-qualified) or a type
(after promotion) not expected by a function with variable
number of arguments, the behavior is undefined.
The description of memcmp doesn't have any clarification. I
don't see anything more specific in SUSv3 either.
--
Ben Pfaff
http://benpfaff.org
