Fun with NULL pointers, part 2
Posted Jul 22, 2009 11:14 UTC (Wed) by epa
In reply to: Fun with NULL pointers, part 2
Parent article: Fun with NULL pointers, part 2
Making sure that a pointer is never NULL is easy when it is passed to a static function. For public functions it is harder and more checks are needed, but if all callers are limited to one directory it's still not hard.
It's not hard, but I know that I am able to make mistakes on even the simplest tasks. I also know that I am not quite the world's worst programmer or the most careless, so if I can screw up, others can too. That's why even after you have carefully gone through the code and made sure that 'obviously' NULL can never be passed, it is still a good idea to include a check just in case, to stop a minor oversight becoming a major bug (such as the root exploit discussed in the article).
The best option is for the compiler to statically ensure non-null pointers; tools like Splint let you be certain that getting null is impossible.
If it's unclear if something can be NULL or not then in the long term it's much better to clean up the code.
Absolutely agreed. If it's unclear whether NULL is allowed, then BUG_ON(x==NULL) is not the right way, except as a temporary debugging aid. You need to check the code and make a decision - can NULL ever legally be passed here? If the answer is no, then you should make sure all the callers are behaving properly - but then when you've finished put in the BUG_ON check anyway, because even Linus makes mistakes.
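The discipline described above, as an added example (not code from this comment or from the kernel): decide at each boundary whether NULL is legal, handle it where it is, and keep a BUG_ON-style check where it is not, so that a caller who forgets gets a logged bug rather than a NULL dereference. `BUG_ON_RET`, `struct record`, `lookup()` and the sample table are constructed stand-ins; the `/*@null@*/` and `/*@notnull@*/` comments are Splint's annotation syntax.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's BUG_ON(): the real one oopses; this one
 * logs, counts the hit and makes the function bail out, so a violated contract
 * is observable in user space instead of becoming a NULL dereference. */
static int bug_hits = 0;
#define BUG_ON_RET(cond, retval) do { if (cond) { bug_hits++; \
        fprintf(stderr, "BUG: %s at %s:%d\n", #cond, __FILE__, __LINE__); \
        return (retval); } } while (0)

struct record { const char *name; };
static const struct record table[] = { { "alice" }, { "bob" } };  /* constructed */

/* Lookup that can legitimately fail: NULL means "no such id". The Splint
 * annotation records that decision so the checker flags callers that forget. */
static /*@null@*/ const struct record *lookup(int id)
{
    if (id < 0 || id >= (int)(sizeof table / sizeof table[0]))
        return NULL;
    return &table[id];
}

/* Decision made: NULL is never legal here. Callers must check first, but the
 * BUG_ON stays in anyway to catch the caller that forgot. Deliberately no
 * __attribute__((nonnull)): with it, GCC may assume rec is non-NULL and delete
 * this very check when optimising. */
static int record_name_len(/*@notnull@*/ const struct record *rec)
{
    BUG_ON_RET(rec == NULL, -1);
    return (int)strlen(rec->name);
}

/* Correct caller: the NULL case is handled where the decision was made. */
int name_len_for_id(int id)
{
    const struct record *rec = lookup(id);
    if (rec == NULL)
        return -1;
    return record_name_len(rec);
}

/* Careless caller: forgets the lookup can fail; the check turns the mistake
 * into a logged, recoverable bug instead of a crash. */
int name_len_for_id_careless(int id)
{
    return record_name_len(lookup(id));
}

int main(void)
{
    int a = name_len_for_id(0), b = name_len_for_id(9), c = name_len_for_id_careless(9);
    printf("%d %d %d bug_hits=%d\n", a, b, c, bug_hits);  /* prints: 5 -1 -1 bug_hits=1 */
    return 0;
}
```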