There are two cases. Sometimes a null pointer is used to indicate that some value is not supplied or that the caller does not want some output stored. In that case, the check must be done.
But many times a valid pointer must be supplied. In that case, I don't think it is a necessarily a bug to not check. There are several reasons I hold this position: 1. On most systems, the hardware is going to check anyway, and the program will die of a segfault. 2. As a developer or engineer, I'd much rather know exactly what went wrong than get some error 3 levels up that says "invalid parameter" and I have no idea what was invalid. 3. A zero pointer is just one about about 4 billion possible invalid pointers. What's so special about this one that we should spend cycles and coding time, and testing time, checking for it? It can be argued that if you are in a situation where you are expected to clear sensitive data, then you had better do the test so each level above can clear the sensitive data is it responsible for. However, in most software environments, this is kind of weak. If the caller or user can cause a null pointer to be dereferenced, he can probably also cause a non-null invalid pointer to be dereferenced and cause a segfault anyway. -- David Jacobson --- On Mon, 2/16/09, Martin Kaiser <[email protected]> wrote: From: Martin Kaiser <[email protected]> Subject: NULL pointer check before dereferencing To: [email protected] Date: Monday, February 16, 2009, 3:32 PM Dear OpenSSL developers, what is your policy regarding NULL pointer checks? Looking through the code, I see some functions that receive a pointer parameter and dereference it without checking for NULL first. Examples are SSL_accept(SSL *s) or RSA_sign(..., RSA *rsa). Do you consider such behaviour a bug? Or is it just too obvious that calling these functions with a NULL argument makes no sense at all? Best regards, Martin ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
