Check NULL pointers or not...

Matt Caswell matt at openssl.org
Fri Nov 29 09:22:01 UTC 2019



On 29/11/2019 08:38, Dr Paul Dale wrote:
> I’d prefer option 1 or the middle ground.  I’ve lost count of the
> number of times I’ve seen programs crashing in the crypto library
> which required mammoth debugging efforts to irrefutably demonstrate
> that the caller is at fault rather than the crypto library :(
> 
> Option 1 would be preferable from this point of view but it can cause
> a performance hit — most of the time it wouldn’t matter but when it
> does it would be a big deal.  The middle ground doesn’t entail any
> performance loss in production code (it does in debug but that
> shouldn’t be relevant).


I think you misunderstand the middle ground option:

    if (!ossl_assert(ptr != NULL)) {
        ERR_raise(ERR_LIB_WHATEVER, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

In debug code this will crash if ptr is NULL. In production code this
acts exactly like option 1 - so has exactly the same performance hit.

For the record my preference is the middle ground option as being the
norm for new code and where we make a significant refactor of old code.
If something truly is performance critical then we can choose not to do
it in those cases.

Matt
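
The middle ground option described in the message above, as an added example that is not part of the original message and is not OpenSSL's own code. The names `demo_assert`, `demo_raise`, `demo_name_len` and the `DEMO_DEBUG` switch are hypothetical stand-ins. Built with `-DDEMO_DEBUG` the NULL call aborts at the assertion; built without it the same call returns 0 through the error path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not OpenSSL's definitions. */
#define DEMO_R_PASSED_NULL_PARAMETER 1

static int demo_last_error = 0;        /* stand-in for the error queue */

static void demo_raise(int reason) { demo_last_error = reason; }

#ifdef DEMO_DEBUG
/* Debug build: a failed assertion reports its location and aborts. */
static int demo_assert_int(int ok, const char *expr, const char *file, int line)
{
    if (!ok) {
        fprintf(stderr, "%s:%d: assertion failed: %s\n", file, line, expr);
        abort();
    }
    return ok;
}
# define demo_assert(x) demo_assert_int((x) != 0, #x, __FILE__, __LINE__)
#else
/* Production build: the assertion is only the comparison, so the caller's
 * error path runs. The comparison itself is still executed. */
# define demo_assert(x) ((x) != 0)
#endif

/* The middle ground pattern applied to a hypothetical function. */
static int demo_name_len(const char *name, size_t *out_len)
{
    if (!demo_assert(name != NULL) || !demo_assert(out_len != NULL)) {
        demo_raise(DEMO_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    *out_len = strlen(name);
    return 1;
}

int main(void)
{
    size_t n = 0;

    printf("valid call  -> %d\n", demo_name_len("abc", &n));
    printf("NULL caller -> %d (error %d)\n",
           demo_name_len(NULL, &n), demo_last_error);
    return 0;
}
```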



More information about the openssl-project mailing list