Subject: Re: exploit with memcpy()
To: Ed Ravin <eravin@panix.com>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-userlevel
Date: 07/02/2002 10:56:03
On Tue, Jul 02, 2002 at 01:10:23PM -0400, Ed Ravin wrote:

 > This sounds a bit extreme.  Don't we want library code to be
 > reliable and not to overwrite surprise areas of memory when
 > presented with bogus arguments?  As others have pointed out,
 > parameter checking happens once per call.  I doubt the overhead
 > would be so "considerable", and the improvements in reliability
 > and security would be well worth it.

In an ideal world, you would want a core dump for this kind of thing,
not for the code to silently fix things up.  That is only going to
mean that the real bugs are harder to find.

 > If the fixes are common to multiple callers, then shouldn't the
 > fixes be in the libraries?  Isn't that what libraries are for
 > in the first place?

I think I'm going to start passing NULL as the FILE * argument to
fprintf() when I mean stderr; it's fewer letters to type.  I'll
make sure to update libc accordingly.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>
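The two positions in this exchange side by side, as an added example that is
not code from the thread or from NetBSD's libc: memcpy_args_ok(), checked_memcpy(),
fixup_memcpy() and stale_data_survives_fixup() are names chosen here, and the
"stale reply buffer" scenario is constructed for illustration.  The checked
variant traps on bogus arguments (the core dump Thorpe asks for); the fix-up
variant quietly papers over a NULL source, so a caller's bug leaves old data in
place and nothing in the trace points at it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Report whether memcpy(dst, src, n) would be a valid call: neither
 * pointer NULL (unless n == 0) and the two ranges do not overlap.
 * Pointers are compared as integers, which is implementation-defined
 * rather than strictly portable C, but adequate for a diagnostic. */
int memcpy_args_ok(const void *dst, const void *src, size_t n)
{
    if (n == 0)
        return 1;
    if (dst == NULL || src == NULL)
        return 0;
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    /* [d, d+n) and [s, s+n) overlap iff each starts before the other ends */
    if (d < s + n && s < d + n)
        return 0;
    return 1;
}

/* "Core dump" flavour: bad arguments abort at the call site, so the
 * caller's real bug is the top frame in the backtrace. */
void *checked_memcpy(void *dst, const void *src, size_t n)
{
    if (!memcpy_args_ok(dst, src, n)) {
        fprintf(stderr, "memcpy: bad arguments dst=%p src=%p n=%zu\n",
                dst, src, n);
        abort();
    }
    return memcpy(dst, src, n);
}

/* "Silent fix-up" flavour: NULL becomes a no-op and overlap is routed
 * to memmove.  The call never fails, so the caller never learns it
 * passed garbage; whatever was in dst before simply stays there. */
void *fixup_memcpy(void *dst, const void *src, size_t n)
{
    if (dst == NULL || src == NULL)
        return dst;
    return memmove(dst, src, n);
}

/* Constructed scenario: a reply buffer reused across requests, and a
 * caller whose lookup failed and handed memcpy a NULL source.  Returns 1
 * if the previous request's data is still in the buffer afterwards. */
int stale_data_survives_fixup(void)
{
    char reply[8] = "OLD";      /* leftover from the previous request */
    const char *fresh = NULL;   /* caller's bug: failed lookup, unchecked */
    fixup_memcpy(reply, fresh, 4);
    return strcmp(reply, "OLD") == 0;
}

/* Classify a few argument patterns; returns 1 if all match expectations. */
int selfcheck(void)
{
    char a[8], b[8];
    int ok = 1;
    ok &= (memcpy_args_ok(a, b, 8) == 1);        /* disjoint buffers   */
    ok &= (memcpy_args_ok(a, a + 4, 4) == 1);    /* adjacent, no overlap */
    ok &= (memcpy_args_ok(a, a + 2, 4) == 0);    /* overlapping ranges */
    ok &= (memcpy_args_ok(NULL, b, 8) == 0);     /* NULL destination   */
    ok &= (memcpy_args_ok(NULL, NULL, 0) == 1);  /* zero-length is fine */
    return ok;
}

int main(void)
{
    char src[] = "fresh", dst[8];
    checked_memcpy(dst, src, sizeof src);        /* valid: copies quietly */
    printf("checked copy: %s\n", dst);
    printf("fix-up left stale data in place: %s\n",
           stale_data_survives_fixup() ? "yes" : "no");
    /* checked_memcpy(dst, NULL, 4) would print a diagnostic and abort(). */
    return selfcheck() ? 0 : 1;
}
```

Run it and the stale-data line reads "yes": the fix-up variant returned
success, the old reply went out, and no frame in any later crash points at the
NULL lookup.  The checked variant would have dumped core on that same call
with the caller's address in the trace, which is the whole of Thorpe's point.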