>>> char *lp = p->s;
>>> if (p == NULL || lp == NULL) {
>> This code is, and always has been, broken; it is accessing p->s
>> before it knows that p isn't nil.
> How do you know for sure?
> What if all calls to foo() are written as such:
> if (p) foo(p);
The code is still broken: it implies, with its test of p, that it's
supposed to be tolerant of p being nil - which it isn't. Even if none
of the extant calls point up that problem.
Of course, this was supposed to be security/safety-sensitive code,
right? So naturally it has an interface contract. What does that
specify for the case where p is nil? If it specifies that such calls
are erroneous, then the code is just sloppy and misleading (which I
suppose could be considered brokenness at a different level), but I
_still_ don't want whoever wrote it anywhere near anything
security/safety-sensitive I'm using.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mo...@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
