On Mon, Sep 29, 2014 at 2:04 PM, Chet Ramey <chet.ra...@case.edu> wrote:
> On 9/29/14, 8:22 AM, Notes Jonny wrote:
>> Hello
>> I noticed hash_search() did not check if "string" parameter was
>> non-NULL. Please find attached a patch for this.
>
> It's the caller's responsibility to ensure that the string passed to
> hash_search is non-NULL.

What's your rationale for that?

CERT EXP34-C "Do not dereference null pointers" is pretty clear, with examples:
https://www.securecoding.cert.org/confluence/display/seccode/EXP34-C.+Do+not+dereference+null+pointers

In software development we always verify parameters are within expected bounds. There is ISO/IEC TR 24772 covering this topic amongst others.

Regards,
Jonny