On 09/07/2021 00:49, Segher Boessenkool wrote:
> On Thu, Jul 08, 2021 at 01:06:17PM +0200, Alejandro Colomar (man-pages) via Gcc-help wrote:
>> On 7/8/21 12:07 PM, Jonny Grant wrote:
>>> We can't guarantee safestrlen() won't be called with NULL. So because
>>> strlen() itself doesn't check for NULL in C standard we'd need to call the
>>> wrapper so that NULL can be checked for.
>
>>> size_t __attribute__((optimize("O0"))) safestrlen(const char * s)
>>> {
>>> if (NULL == s) return 0;
>>> else return strlen(s);
>>> }
>
>> That also allows differentiating a length of 0 (i.e., "") from an
>> invalid string (i.e., NULL), by returning -1 for NULL.
>
> It is incorrect to return any particular value for strlen(0); not 0, not
> -1, not anything. Since there *is* no string, it doesn't have a length
> either.
>
> So instead of making some function for this, I recommend just writing
> something like
>
> bla = s ? strlen(s) : 0;
Hi Segher
Yes, this could work. But it does rely on programmer typing it like that every time... Maybe an inline function better.
inline size_t safestrlen(const char * s) {return s?strlen(s) : 0}
Perhaps there are too many email addresses on this cc list now.
I'd prefer a Annex K of C11 style function ISO/IEC TR 24731-1 for strlen() - but there isn't one such as strnlen_s.
>
> wherever you need it. If a function name isn't self-explanatory, and
> even *cannot* be, your factoring is most likely not ideal. Code is
> primarily there for humans to read, it should be optimised for that.
>
>
> Segher
> .
Good point
Jonny
