This is the mail archive of the
mailing list for the libstdc++ project.
Re: Passing 0 for number of bytes to be scanned in memchr
- From: Aditya K <hiraditya at msn dot com>
- To: Jonathan Wakely <jwakely at redhat dot com>
- Cc: "libstdc++ at gcc dot gnu dot org" <libstdc++ at gcc dot gnu dot org>
- Date: Thu, 16 Feb 2017 13:35:02 +0000
- Subject: Re: Passing 0 for number of bytes to be scanned in memchr
- Authentication-results: sourceware.org; auth=none
- Authentication-results: gcc.gnu.org; dkim=none (message not signed) header.d=none;gcc.gnu.org; dmarc=none action=none header.from=msn.com;
- References: <KL1PR0601MB2021B092943830C1BB1221F0B65A0@KL1PR0601MB2021.apcprd06.prod.outlook.com> <20170216121259.GS4602@redhat.com> <KL1PR0601MB2021F4E75779CE107A624C6CB65A0@KL1PR0601MB2021.apcprd06.prod.outlook.com>,<20170216132134.GT4602@redhat.com>
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Thanks for the explanation. It was very helpful. I was trying to figure out if we can just call memchr without checking n==0. Now it is clear we cannot.
From: Jonathan Wakely <email@example.com>
Sent: Thursday, February 16, 2017 7:21 AM
To: Aditya K
Subject: Re: Passing 0 for number of bytes to be scanned in memchr
On 16/02/17 12:40 +0000, Aditya K wrote:
>> If __s is a null pointer then passing it to memchr is undefined.
>That means we are missing the check when __s == nullptr?
>I also wanted to know what happens when __n is zero in the case of memchr. I think memchr returns null in this case so we can remove that check.
No. I understood what you were asking, and I answered it.
Think about the inputs to the function.
memchr(nullptr, 'a', 0) is undefined behaviour.
char_traits<char>::find(nullptr, 0, 'a') is allowed.
How do we support the find(nullptr, 0, 'a') case but ensure we don't
pass a nullptr to memchr?
I can think of two ways, either we check for s==nullptr or we check
for n==0. So is there a reason to prefer one not the other?
Currently we check n==0, and it works fine.
You seem to be suggesting that we remove the n==0 check and add an
s==nullptr check. That would not be an improvement.
char_traits<char>::find(nullptr, 1, 'a') is not allowed, because it would
try to read from a null pointer.
If we checked for s==nullptr then we would return a null pointer for
find(nullptr, 1, 'a') as though it was a valid function call, but it
isn't. We would hide a bug in the program and prevent sanitizers from
If we check for n==0 we avoid passing null to memchr, and we also
avoid even calling memchr when we know what the answer will be.
We could call memchr in the case where s!=nullptr and n==0, and let
memchr handle the n==0 case, but why would that be an improvement?
>From: Jonathan Wakely <firstname.lastname@example.org>
>Sent: Thursday, February 16, 2017 6:12 AM
>To: Aditya K
>Subject: Re: Passing 0 for number of bytes to be scanned in memchr
>On 16/02/17 11:38 +0000, Aditya K wrote:
>>I see that in char_traits<char>::find, we check if the number of bytes to be scanned is zero. I think memchr handles that case already but I do not have
>>any reference to point out to. The documentation does not explicitly mention what happens when 'n' is zero. If n==0 is already handled then
>>we can safely remove this check. Please let me know your thoughts.
>>269 static const char_type*
>>270 find(const char_type* __s, size_t __n, const char_type& __a)
>>272 if (__n == 0)
>>273 return 0;
>>274 return static_cast<const char_type*>(__builtin_memchr(__s, __a, __n));
>If __s is a null pointer then passing it to memchr is undefined.
>I'm not 100% sure, but I don't think basic_string::find has the same
>restriction, so we need to handle the case where it's null and avoid