On Sat, 30 Jan 2010, Bill Seymour wrote:
> On Sat, Jan 30, 2010 at 5:37 PM, Tony Finch <dot@dotat.at> wrote:
> > On Sat, 30 Jan 2010, Robert Elz wrote:
> > >
> > > localtime() can return NULL these days, ...
> >
> > This code follows the C standard, so this bug is a defect in the standard.
>
> How so? It's not the job of the standard to specify coding practices. If a
> function can return a null pointer, programmers need to check for that.

The standard specifies the presence of the bug that Robert reported:

Section 7.23.3.2 para. 2:

    The ctime function converts the calendar time pointed to by timer to
    local time in the form of a string. It is equivalent to
    asctime(localtime(timer))

Section 7.23.3.4 para. 4:

    The localtime function returns a pointer to the broken-down time, or a
    null pointer if the specified time cannot be converted to local time.

Section 7.23.3.1 specifies the behaviour of asctime() in terms of source code which does not check for a NULL argument.

The fact that localtime() can return NULL but neither ctime() nor asctime() checks for this is exactly the bug that Robert reported and proposed a fix for.

You might argue that this bug falls under the general "garbage in garbage out" clause (quoted below). I think that's pretty unsatisfactory given that it leads to the inconsistency that localtime() checks its argument but ctime() does not.

(section 7.1.4)

    If an argument to a function has an invalid value (such as a value
    outside the domain of the function, or a pointer outside the address
    space of the program, or a null pointer, or a pointer to non-modifiable
    storage when the corresponding parameter is not const-qualified) or a
    type (after promotion) not expected by a function with variable number
    of arguments, the behavior is undefined.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
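
The gap discussed in this thread, shown as an added example that is not part of the original messages, the tz code, or the fix Robert proposed: a caller-side wrapper that checks the localtime() result before formatting. The names format_tm and checked_ctime are hypothetical, strftime() stands in for asctime(), and the unconvertible sample value assumes a 64-bit signed time_t.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper: write the asctime() layout into buf, but refuse a
 * null broken-down time instead of dereferencing it. Returns 0 or -1. */
static int format_tm(const struct tm *tm, char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return -1;
    buf[0] = '\0';
    if (tm == NULL)
        return -1;
    /* strftime() returns 0 when the result does not fit in len bytes. */
    if (strftime(buf, len, "%a %b %e %H:%M:%S %Y\n", tm) == 0) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical stand-in for ctime(): same text for convertible values,
 * -1 when localtime() reports that the value cannot be converted. */
static int checked_ctime(const time_t *timer, char *buf, size_t len)
{
    if (timer == NULL)
        return -1;
    return format_tm(localtime(timer), buf, len);
}

int main(void)
{
    char buf[64];
    time_t ok = 0;
    /* Constructed sample: the year does not fit in tm_year (64-bit time_t). */
    time_t huge = sizeof(time_t) >= 8 ? (time_t)LLONG_MAX : (time_t)LONG_MAX;

    if (checked_ctime(&ok, buf, sizeof buf) == 0)
        fputs(buf, stdout);
    if (checked_ctime(&huge, buf, sizeof buf) != 0)
        puts("time value cannot be converted to local time");
    return 0;
}
```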