core dump from within asctime_r()
dot at dotat.at
Mon Feb 1 12:39:45 UTC 2010
On Sat, 30 Jan 2010, Bill Seymour wrote:
> On Sat, Jan 30, 2010 at 5:37 PM, Tony Finch <dot at dotat.at> wrote:
> > On Sat, 30 Jan 2010, Robert Elz wrote:
> >> localtime() can return NULL these days, ...
> > This code follows the C standard, so this bug is a defect in the standard.
> How so? It's not the job of the standard to specify coding practices.
> If a function can return a null pointer, programmers need to check
> for that.

The standard specifies the presence of the bug that Robert reported:

Section 126.96.36.199 para. 2:

    The ctime function converts the calendar time pointed to by timer to
    local time in the form of a string. It is equivalent to

Section 188.8.131.52 para. 4:

    The localtime function returns a pointer to the broken-down time, or a
    null pointer if the specified time cannot be converted to local time.

Section 184.108.40.206 specifies the behaviour of asctime() in terms of source
code which does not check for a NULL argument.

The fact that localtime() can return NULL but neither ctime() nor
asctime() checks for this is exactly the bug that Robert reported and
proposed a fix for.

You might argue that this bug falls under the general "garbage in garbage
out" clause (quoted below). I think that's pretty unsatisfactory given
that it leads to the inconsistency that localtime() checks its argument
but ctime() does not.

    If an argument to a function has an invalid value (such as a value
    outside the domain of the function, or a pointer outside the address
    space of the program, or a null pointer, or a pointer to non-modifiable
    storage when the corresponding parameter is not const-qualified) or a
    type (after promotion) not expected by a function with variable number
    of arguments, the behavior is undefined.

f.anthony.n.finch <dot at dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
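
Added example, not part of the original message and not the tz code or the fix proposed in the thread: a ctime()-style wrapper that checks the localtime() result before formatting, which is the check the message says the standard's ctime() and asctime() lack. The names checked_ctime and unconvertible_time are hypothetical, and the sample input assumes a 64-bit signed integer time_t.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not from the standard or the tz code): a ctime()
 * replacement that reports failure instead of passing a null pointer on. */
char *checked_ctime(const time_t *timer, char *buf, size_t len)
{
    struct tm *tm;

    if (timer == NULL || buf == NULL || len == 0)
        return NULL;

    /* localtime() returns NULL when the time cannot be converted, e.g.
     * when the resulting year does not fit in tm_year (an int). */
    tm = localtime(timer);
    if (tm == NULL)
        return NULL;

    /* Same layout as asctime() in the "C" locale, but bounded by len:
     * strftime() returns 0 rather than writing past the buffer. */
    if (strftime(buf, len, "%a %b %e %H:%M:%S %Y\n", tm) == 0)
        return NULL;
    return buf;
}

/* Constructed input: a time_t far enough in the future that the year
 * overflows int. Assumes a 64-bit signed integer time_t. */
time_t unconvertible_time(void)
{
    return (time_t)1 << (sizeof(time_t) * CHAR_BIT - 2);
}

int main(void)
{
    char buf[64];
    time_t ok = 0, bad = unconvertible_time();

    printf("epoch: %s", checked_ctime(&ok, buf, sizeof buf) ? buf : "(unconvertible)\n");
    printf("huge:  %s", checked_ctime(&bad, buf, sizeof buf) ? buf : "(unconvertible)\n");
    return 0;
}
```
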