Bruno Haible wrote:
>> perhaps incomplete, since you can make the same argument about the "envp"
>> pointer.
>
> How so?

From the perspective that since POSIX disallows passing a NULL pointer, it would make sense to label each corresponding parameter with the nonnull attribute. Not a big deal, though, since we're just trying to avoid abuse.

> When the caller passes a NULL envp argument - which POSIX does not
> allow - the kernel provides an empty environment array instead. The callee
> never sees a NULL 'environ'.
>
> POSIX refers to argv[0], but not to envp[0].

The POSIX spec for execve says this about envp:

    The argument envp is an array of character pointers to
    null-terminated strings. These strings shall constitute the
    environment for the new process image. The envp array is
    terminated by a null pointer.

which I seem to recall means (probably due to the definition of "array of strings") that it must be non-NULL.

> It also contains language that explicitly says the callee is not guaranteed
> to be invoked with a POSIX compliant 'environ':
> "The new process might be invoked in a non-conforming environment if the
> envp array does not contain implementation-defined variables required
> by the implementation to provide a conforming environment. See the
> _CS_V7_ENV entry in <unistd.h> and confstr() for details."