Sorry, I went to bugzilla before reading all the e-mails here. As I commented on the bug report states, there is nothing fishy going on. While strlen(NULL) will always segfault, htcpBuildCountstr() wraps the strlen() call with a check for a NULL pointer:

260        if (s)
261        len = strlen(s);
262        else
263        len = 0;

We could certainly add code to initialize req_hdrs to an empty string, but with code like this, I'm suspicious that other function calls are passing null pointers as well and the check won't be able to be removed easily.

--Jason

Henrik Nordstrom wrote:
fre 2009-10-02 klockan 02:52 -0400 skrev Matt W. Benjamin:
Bzero?  Is it an already-allocated array/byte sequence?  (Apologies, I haven't 
seen the code.)  Assignment to NULL/0 is in fact correct for initializing a 
sole pointer, and using bzero for that certainly isn't typical.  Also, for 
initializing a byte range, memset is preferred [see Linux BZERO(3), which 
refers to POSIX.1-2008 on that point].

STYLE(9) says use NULL rather than 0, and it is clearer.  But C/C++ programmers 
should know that NULL is 0.  And note that at least through 1998, 
initialization to 0 was the preferred style in C++, IIRC.

You are both right.

the whole stuff should be zeroed before filled in to avoid accidental
leakage of "random" values from the stack, which also makes the explicit
assignment redundant.

bzero is not the right call (BSD specific), memset is preferred.

In C (which is what Squid-2 is written in) NULL is the right initializer
for pointers in all contexts.

C++ is different... no universally accepted pointer initializer value
there due to the slightly different type checks on pointers, often
needing casting.

But something is fishy here.. see my comment in bugzilla.

Regards
Henrik

Reply via email to