This is the mail archive of the
libstdc++@gcc.gnu.org
mailing list for the libstdc++ project.
Re: Passing 0 for number of bytes to be scanned in memchr
On 16/02/17 12:40 +0000, Aditya K wrote:
If __s is a null pointer then passing it to memchr is undefined.
That means we are missing the check when __s == nullptr?
No.
I also wanted to know what happens when __n is zero in the case of memchr. I think memchr returns null in this case so we can remove that check.
No. I understood what you were asking, and I answered it.
Think about the inputs to the function.
memchr(nullptr, 'a', 0) is undefined behaviour.
char_traits<char>::find(nullptr, 0, 'a') is allowed.
How do we support the find(nullptr, 0, 'a') case but ensure we don't
pass a nullptr to memchr?
I can think of two ways, either we check for s==nullptr or we check
for n==0. So is there a reason to prefer one not the other?
Currently we check n==0, and it works fine.
You seem to be suggesting that we remove the n==0 check and add an
s==nullptr check. That would not be an improvement.
char_traits<char>::find(nullptr, 1, 'a') is not allowed, because it would
try to read from a null pointer.
If we checked for s==nullptr then we would return a null pointer for
find(nullptr, 1, 'a') as though it was a valid function call, but it
isn't. We would hide a bug in the program and prevent sanitizers from
diagnosing it.
If we check for n==0 we avoid passing null to memchr, and we also
avoid even calling memchr when we know what the answer will be.
We could call memchr in the case where s!=nullptr and n==0, and let
memchr handle the n==0 case, but why would that be an improvement?
Thanks,
-Aditya
From: Jonathan Wakely <jwakely@redhat.com>
Sent: Thursday, February 16, 2017 6:12 AM
To: Aditya K
Cc: libstdc++@gcc.gnu.org
Subject: Re: Passing 0 for number of bytes to be scanned in memchr
On 16/02/17 11:38 +0000, Aditya K wrote:
Hi Jonathan,
I see that in char_traits<char>::find, we check if the number of bytes to be scanned is zero. I think memchr handles that case already but I do not have
any reference to point out to. The documentation does not explicitly mention what happens when 'n' is zero. If n==0 is already handled then
we can safely remove this check. Please let me know your thoughts.
269 static const char_type*
270 find(const char_type* __s, size_t __n, const char_type& __a)
271 {
272 if (__n == 0)
273 return 0;
274 return static_cast<const char_type*>(__builtin_memchr(__s, __a, __n));
275 }
If __s is a null pointer then passing it to memchr is undefined.
I'm not 100% sure, but I don't think basic_string::find has the same
restriction, so we need to handle the case where it's null and avoid
calling memchr.