Hi

Ryan has been investigating some Coverity reports where fileno(FILE *) could be passed a NULL. I asked about adding a NULL check in newlib and was reminded that POSIX leaves passing a NULL pointer as undefined behavior.

I don't want to ignore calls to fileno() and other methods from RTEMS code that potentially could pass a NULL in. I only see a few options:

+ Use an rtems_fileno() wrapper which does check for NULL. I don't like this because it opens a path of doing this for any libc method that takes a pointer.

+ Mark these as ignored in Coverity. I don't like this because it always feels like we could be papering over something.

+ Add an RTEMS assert() ahead of these suspect calls so at least debug mode flags them and Coverity is happier.

+ Add nonnull attribute to the headers for the various parameters in libc that shouldn't be null. I don't think this will catch all stupid cases of passing NULL but may be sufficient to catch some. I have no idea if this will make Coverity happy or not.

I'm thinking of aiming for the last two since they seem reasonable and straightforward.

Other ideas?

--joel
_______________________________________________
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
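
The wrapper, assert and nonnull options from the message above, side by side, as an added example that is not code from the original post, RTEMS or newlib. The function names and the EBADF error code are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L  /* fileno() is POSIX, not ISO C */
#include <assert.h>
#include <errno.h>
#include <stdio.h>

/* Wrapper option. The name is hypothetical, not an RTEMS or newlib API.
 * NULL gets a defined error result instead of undefined behavior. */
int checked_fileno(FILE *fp)
{
    if (fp == NULL) {
        errno = EBADF;  /* assumed error code for this sketch */
        return -1;
    }
    return fileno(fp);
}

/* Assert option: flags a NULL in debug builds; compiled out under NDEBUG,
 * so release builds keep the undefined behavior. */
int asserted_fileno(FILE *fp)
{
    assert(fp != NULL);
    return fileno(fp);
}

/* nonnull option, shown on a hypothetical function rather than on libc's
 * header. GCC and Clang warn (-Wnonnull) only when they can see a NULL
 * argument at compile time. The optimizer may also assume fp is never NULL
 * and drop a runtime check placed in this body, so none is written here. */
int annotated_fileno(FILE *fp) __attribute__((nonnull(1)));
int annotated_fileno(FILE *fp)
{
    return fileno(fp);
}

int main(void)
{
    errno = 0;
    int rc = checked_fileno(NULL);
    printf("checked_fileno(NULL) = %d, errno is EBADF: %d\n", rc, errno == EBADF);
    printf("asserted_fileno(stdout) = %d\n", asserted_fileno(stdout));
    printf("annotated_fileno(stderr) = %d\n", annotated_fileno(stderr));
    return 0;
}
```

Only the wrapper defines what happens for a NULL at run time in every build; the assert covers debug builds and the attribute covers what the compiler can prove.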