On 20 February 2015 at 11:06, Florian Weimer wrote:
> On 02/19/2015 09:56 PM, Sandra Loosemore wrote:
>> Hmmmm, Passing the additional option in user code would be one thing,
>> but what about library code? E.g., using memcpy (either explicitly or
>> implicitly for a structure copy)?
>
> The memcpy problem isn't restricted to embedded architectures.
>
> size_t size;
> const unsigned char *source;
> std::vector<char> vec;
> …
> vec.resize(size);
> memcpy(vec.data(), source, size);
>
> std::vector<T>::data() can return a null pointer if the vector is empty,
> which means that this code is invalid for empty inputs.
>
> I think the C standard is wrong here. We should extend it, as a QoI
> matter, and support null pointers for variable-length inputs and outputs
> if the size is 0. But I suspect this is still a minority view.
I'm inclined to agree. Most developers aren't aware of the preconditions on memcpy, but GCC optimizes aggressively based on those preconditions, so we have a large and potentially dangerous gap between what developers expect and what actually happens.
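The pattern Florian quotes, with the guard a defender would add, as an added example that is not part of the thread. The function names (copy_bytes, copy_bytes_unguarded, empty_vector_data_is_null, round_trip_ok) are hypothetical; the point is that memcpy's pointer arguments must be non-null even when the size is 0, and since GCC treats that as a precondition (the parameters are declared nonnull), the only portable fix is to skip the call when there is nothing to copy.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

// The code quoted in the thread, unchanged in behaviour: it is only here
// for comparison. When size == 0, vec.data() may be a null pointer and
// source may be null too, which makes this call undefined behaviour.
std::vector<char> copy_bytes_unguarded(const unsigned char* source, std::size_t size) {
    std::vector<char> vec;
    vec.resize(size);
    std::memcpy(vec.data(), source, size);  // precondition violated when size == 0
    return vec;
}

// Hardened form: never hand memcpy a possibly-null pointer. Copying zero
// bytes is a no-op, so the call is simply skipped for empty inputs.
std::vector<char> copy_bytes(const unsigned char* source, std::size_t size) {
    std::vector<char> vec;
    vec.resize(size);
    if (size != 0) {
        // Both pointers are guaranteed non-null here: vec has size > 0
        // elements, and a non-null source is the caller's contract.
        std::memcpy(vec.data(), source, size);
    }
    return vec;
}

// Reports whether this standard library returns a null data() pointer for
// an empty vector. The C++ standard permits it (libstdc++ does so), which
// is exactly what makes copy_bytes_unguarded unsafe for size == 0.
bool empty_vector_data_is_null() {
    std::vector<char> empty;
    return empty.data() == nullptr;
}

// Self-check used below: a normal copy round-trips, and the empty case
// (null source, size 0) is accepted without touching memcpy.
bool round_trip_ok() {
    const unsigned char src[] = {0x41, 0x42, 0x43};  // constructed sample input
    std::vector<char> full = copy_bytes(src, sizeof src);
    std::vector<char> none = copy_bytes(nullptr, 0);
    return full.size() == 3 && full[0] == 'A' && full[2] == 'C' && none.empty();
}
```

Whether empty_vector_data_is_null() reports true depends on the standard library, which is the trap: code that happens to work on one implementation is still relying on undefined behaviour, and the optimizer is entitled to drop a later `if (p == nullptr)` check on a pointer that has already been passed to memcpy.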