This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: Those obnoxious "mktemp is not safe" warnings
- To: Zack Weinberg <zackw at Stanford dot EDU>
- Subject: Re: Those obnoxious "mktemp is not safe" warnings
- From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- Date: Thu, 22 Mar 2001 00:08:03 +0000 (GMT)
- cc: Michael Meissner <meissner at cygnus dot com>, Richard Henderson <rth at redhat dot com>, DJ Delorie <dj at redhat dot com>, <gcc-patches at gcc dot gnu dot org>
On Wed, 21 Mar 2001, Zack Weinberg wrote:
> I'd also point out that we cannot rely on the library to define NULL
> as ((void *) 0) - it is often 0, and *required* to be plain 0 in
> C++ (yes, I know about __null)...
>
> Hm, maybe we should have __null in C?
I don't think we really want the additional complexity of __null.
One thing I wondered about: a natural (and I think previously discussed)
extension of the idea of Marc Espie's __attribute__((__nonnull__)) patch
would be to check calls to function such as execl that require
NULL-terminated argument lists. It was noted on the Austin Group list
that one of the Austin Group drafts contained defective examples using
NULL (not cast to (char *) as required). In principle one might check for
and warn about the use of uncast NULL in such a case. But both ways of
doing this - a magic __null, or making it possible to use integrated CPP
to ask "is this argument the result of expanding a definition of NULL that
was defined in a system header" [so unportable to systems that use plain 0
even if that header used ((void *)0)], seem to involve excess complication
for the limited gain. (However, the basic checking for execl-like
functions that they get a series of char * arguments, made up of the
correct number of (char * or void *) NULL terminated lists, would make
sense to implement.)
--
Joseph S. Myers
jsm28@cam.ac.uk