[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug

[Salz, Rich]

> Defensive programming is about handling gracefully the cases when the
> user/caller does something he “is not supposed to do”.

There is a limit.

Should we return an error code that will most likely be ignored?

Should the C library be defensive about fprintf, strcpy, etc., etc.?

> Software that relies on its users doing only the right things…? Really?

OpenSSL *is not* going to check for NULL parameters where you don't supply them.  It never has (not universally) and it never will.  If you want another language... .:)