I cannot find any definitive statement in my copies of the various
C language standards that addresses the behaviour of the C string
functions when given a NULL pointer.

Specifically, what does the C standard dictate about the behaviour of
strrchr(NULL,'/')
but the question could apply to any of the string functions
(strlen(NULL), etc.)

My gut impression is that
strrchr(NULL,'/'), etc
invoke undefined behaviour, and should be avoided.

Can anyone comment?

--
Lew Pitcher
"In Skills We Trust"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-04-02, Lew Pitcher <lew.pitcher@digitalfreehold.ca> wrote:

I cannot find any definitive statement in my copies of the various
C language standards that addresses the behaviour of the C string
functions when given a NULL pointer.

Let us start with ISO C 90.

7.1.7 Use of library functions

Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow. If an argument to
a function has an invalid value (such as a value outside the domain of
the function. or a pointer outside the address space of the program.
or a null pointer), the behavior is undefined.
^^^^^^^^^^^^^^^^^

C99 draft. (Have the real thing, not currently on me):

7.1.4 Use of library functions

1 Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow: If an argument
to a function has an invalid value (such as a value outside the
domain of the function, or a pointer outside the address space of
the program, or a null pointer, or a pointer to non-modifiable
storage when the corresponding parameter is not const-qualified) or
a type (after promotion) not expected by a function with variable
number of arguments, the behavior is undefined.

n3301 draft:

7.1.4 Use of library functions

1 Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow:

-- If an argument to a function has an invalid value (such as a
value outside the domain of the function, or a pointer outside
the address space of the program, or a null pointer, or a pointer
to non-modifiable storage when the corresponding parameter is not
const-qualified) or a type (after default argument promotion) not
expected by a function with a variable number of arguments, the
behavior is undefined.

It gets more verbose and indented, but the null treatment is
consistently there.

--
TXR Programming Language: http://nongnu.org/txr
Cygnal: Cygwin Native Application Library: http://kylheku.com/cygnal
Mastodon: @Kazinator@mstdn.ca

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 02 Apr 2025 18:33:17 +0000, Kaz Kylheku wrote:

On 2025-04-02, Lew Pitcher <lew.pitcher@digitalfreehold.ca> wrote:

I cannot find any definitive statement in my copies of the various
C language standards that addresses the behaviour of the C string
functions when given a NULL pointer.

Let us start with ISO C 90.

7.1.7 Use of library functions

Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow. If an argument to
a function has an invalid value (such as a value outside the domain of
the function. or a pointer outside the address space of the program.
or a null pointer), the behavior is undefined.
^^^^^^^^^^^^^^^^^

Thanks, Kaz

I knew that I had seen such a statement in the standards before, but
for the life of me, I couldn't find it today.

That settles my quandry; the code I'm looking at has got to change

[snip]

It gets more verbose and indented, but the null treatment is
consistently there.

Thanks again

--
Lew Pitcher
"In Skills We Trust"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Lew Pitcher <lew.pitcher@digitalfreehold.ca> writes:

I cannot find any definitive statement in my copies of the various
C language standards that addresses the behaviour of the C string
functions when given a NULL pointer.

Specifically, what does the C standard dictate about the behaviour of
strrchr(NULL,'/')
but the question could apply to any of the string functions
(strlen(NULL), etc.)

My gut impression is that
strrchr(NULL,'/'), etc
invoke undefined behaviour, and should be avoided.

Can anyone comment?

There's a general principle when reading the C standard, which
is, when looking at some leaf section, go up the tree and read
the parent section, and also read the grandparent section, and so
on.

In N1256, strrchr() is defined in 7.21.5.5, and strlen() is
defined in 7.21.6.3. Both 7.21.5 and 7.21.6 are empty (except
for subsections), as is 7.21 itself, but directly underneath
section 7.21 is section 7.21.1 "String function conventions", two
paragraphs long, and this section does mention null arguments.

As it turns out neither of these paragraphs addresses your question specifically, but the second paragraph does mention 7.1.4, where an
answer may be found. So if the general principle mentioned above
had been followed, there is a reasonable chance you would have found
an answer without having to ask.

Incidentally, I learned this principle myself from another helpful
poster (I don't remember who) in comp.lang.c, and am happy to pass
along what has been for me helpful advice.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 02 Apr 2025 17:36:22 -0700, Tim Rentsch wrote:

Lew Pitcher <lew.pitcher@digitalfreehold.ca> writes:

I cannot find any definitive statement in my copies of the various
C language standards that addresses the behaviour of the C string
functions when given a NULL pointer.

Specifically, what does the C standard dictate about the behaviour of
strrchr(NULL,'/')
but the question could apply to any of the string functions
(strlen(NULL), etc.)

My gut impression is that
strrchr(NULL,'/'), etc
invoke undefined behaviour, and should be avoided.

Can anyone comment?

There's a general principle when reading the C standard, which
is, when looking at some leaf section, go up the tree and read
the parent section, and also read the grandparent section, and so
on.

[snip]

Incidentally, I learned this principle myself from another helpful
poster (I don't remember who) in comp.lang.c, and am happy to pass
along what has been for me helpful advice.

Many thanks, Tim

I appreciate both yours and Kaz's guidance in this.
I knew that the standard included a caveat here, but, for the life
of me, I couldn't locate it.

I appreciate the assistance; it gives me some measure of confidence
for the changes that I must make to the code that I am revising at
the moment.

Thanks again
--
Lew Pitcher
"In Skills We Trust"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 4/2/25 14:11, Lew Pitcher wrote:

I cannot find any definitive statement in my copies of the various
C language standards that addresses the behaviour of the C string
functions when given a NULL pointer.

Specifically, what does the C standard dictate about the behaviour of strrchr(NULL,'/')
but the question could apply to any of the string functions
(strlen(NULL), etc.)

My gut impression is that
strrchr(NULL,'/'), etc
invoke undefined behaviour, and should be avoided.

Can anyone comment?

In n3096.pdf (dated )
"If an argument to a function has an invalid value (such as a value
outside the domain of the function, or a pointer outside the address
space of the program, or a null pointer, or a pointer to non-modifiable
storage when the corresponding parameter is not const-qualified) or a
type (after default argument promotion) not expected by a function with
a variable number of arguments, the behavior is undefined." (7.1.4p1)

But keep in mind that this general rule can be overridden by explict
statements defining the behavior of a function when passed a null
pointer. Such statements occur in the descriptions of a dozens of
functions. I started compiling a list, but gave up.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 02/04/2025 20:33, Kaz Kylheku wrote:

It gets more verbose and indented, but the null treatment is
consistently there.

In the current working draft for the future standard after C23, it says:

"""
Where an argument declared as size_t n specifies the length of the array
for a function, n can have the value zero on a call to that function.
Unless explicitly stated otherwise in the description of a particular
function in this subclause, pointer arguments on such a call may be null pointers. On such a call, a function that locates a character finds no occurrence, a function that compares two character sequences returns
zero, and a function that copies characters copies zero characters.
"""

And the change list includes :

"""
Allowed zero-length operations on null pointers.
"""


That sounds like if you call something like "strncpy" with a maximum
length of 0, then null pointers are safe - if nothing is moved, copied,
or searched, then the pointer is not dereferenced and the behaviour is
defined.

It seems likely to me that this is the behaviour you would get with most current implementations of the library functions - but of course that is
not something to rely on until you are using post-C23 standard tools.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Tim Rentsch <tr.17687@z991.linuxsc.com> writes:

[...]

Incidentally, I learned this principle myself from another helpful
poster (I don't remember who) in comp.lang.c, and am happy to pass
along what has been for me helpful advice.

And it's indeed pretty helpful. Thanks for sharing.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)