Hi all!

> > If the library crashes on free(NULL), you're just making
> > people like me do this everywhere:
> >
> > if (ptr != NULL) free (ptr);

ok, if you have a test case "free (NULL)", agreed ;-)
Seems not all platforms conform to the "free(NULL) is a no-op".

I understand your example, thanks for that, but I don't think
that this is the general case for "validating parameters".
Actually, NULL is even a valid parameter to free!

My comment was about:

> > > validating parameters before operating on them

I just wanted to say that it is not possible to validate pointer
parameters in C.  You might be able to invalidate a few (NULL and (-1)
maybe?), but you cannot validate. So functions must rely on the validity
of passed pointers. NULL may indicate an optional parameter:
the parameter / the object can be omitted, but otherwise it must be
valid, or in short, the passed object must be valid.

Checking "(ptr != NULL)" IMHO is not validating parameters, but it is
checking for one special case. There are many more possibilities for
invalid pointers, and most cannot be checked for.  Also setting ptr =
NULL after the free is not safe, because other pointers to the same
object may exist. All those measures surely can limit damage - but
also increase later damage.

This does not mean checking for NULL is bad!!
-- it means checking for NULL is not a reliable "parameter verification".

Especially since NULL is a valid return value of malloc and a valid argument
to free, ptr == NULL does not even indicate an invalid parameter,
because to free(), for example, it is a valid one.

> Any secure programming standard would also require that you
> set ptr to NULL as soon as you free it.
> Re-using already freed memory pointers is a common source of
> both bugs and security holes.

Yes, I agree.
Set it to NULL -- but still, better not rely on that.

If a pointer is NULL at a point in code where it shouldn't be NULL, just
adding an "if(ptr != NULL)" (for that mandatory ptr) could lead to
issues later. Here, assert() might help to spot bugs in development. If
the pointer may be NULL, it is a valid one; of course, no assert then.
A double free looks wrong even if the pointer was set to NULL and the
second free has no effect.

oki,

Steffen
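An added example (written for this thread, not code posted by anyone in it) of the points discussed above: the free(NULL) check lives in one wrapper, the caller's pointer is cleared through a double indirection, and mandatory pointer parameters are distinguished from optional ones by assert() rather than by silent NULL checks. All function names are made up for the illustration.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/* free() wrapper: the NULL check lives here once (for platforms where
 * free(NULL) is not a no-op) and the caller's pointer is cleared. Only THIS
 * handle is cleared; any other pointer to the same object still dangles. */
static void free_and_null(void **pp)
{
    assert(pp != NULL);                 /* the handle itself is mandatory */
    if (*pp != NULL) {
        free(*pp);
        *pp = NULL;
    }
}

/* Example API: 'name' is mandatory, 'suffix' is optional (NULL = omitted).
 * A NULL mandatory pointer is a caller bug, so assert() flags it in
 * development; a NULL malloc() result is a legitimate return value. */
static char *make_label(const char *name, const char *suffix)
{
    assert(name != NULL);
    size_t n = strlen(name) + (suffix != NULL ? strlen(suffix) : 0) + 1;
    char *s = malloc(n);
    if (s == NULL)
        return NULL;
    strcpy(s, name);
    if (suffix != NULL)
        strcat(s, suffix);
    return s;
}

/* Frees every handle twice on purpose: the second call sees NULL and is a
 * no-op, so no double free. Returns the number of handles still non-NULL. */
static int release_all(void **handles, int count)
{
    int live = 0;
    for (int i = 0; i < count; i++) {
        free_and_null(&handles[i]);
        free_and_null(&handles[i]);
        if (handles[i] != NULL) live++;
    }
    return live;
}

int main(void)
{
    void *handles[2] = { make_label("key", "-v1"), make_label("cert", NULL) };
    return release_all(handles, 2);     /* exit status 0 when all are cleared */
}
```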

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org