[libc] Expand usage of libc null checks. (#116262)

Fixes #111546 --------- Co-authored-by: alyyelashram <150528548+alyyelashram@users.noreply.github.com>
author: Aly ElAshram <71949028+AlyElashram@users.noreply.github.com> 2025-06-04 20:08:27 +0300
committer: GitHub <noreply@github.com> 2025-06-04 13:08:27 -0400
commit: ff844df719d7226a46b8cb0d99aef9480cced247 (patch)
tree: ec4fdf604da96f6b652f4d44769383caa06ad884 /libc/src/string
parent: ec5610c4a2ef15551fdfbe9c990851376f58efb6 (diff)
21 files changed, 83 insertions, 0 deletions
diff --git a/libc/src/string/memccpy.cpp b/libc/src/string/memccpy.cpp
index ae90cf9370d4..d5654fc5e46a 100644
--- a/libc/src/string/memccpy.cpp
+++ b/libc/src/string/memccpy.cpp
@@ -10,6 +10,7 @@
 
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include <stddef.h> // For size_t.
 
 namespace LIBC_NAMESPACE_DECL {
@@ -17,6 +18,10 @@ namespace LIBC_NAMESPACE_DECL {
 LLVM_LIBC_FUNCTION(void *, memccpy,
                    (void *__restrict dest, const void *__restrict src, int c,
                     size_t count)) {
+  if (count) {
+    LIBC_CRASH_ON_NULLPTR(dest);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   unsigned char end = static_cast<unsigned char>(c);
   const unsigned char *uc_src = static_cast<const unsigned char *>(src);
   unsigned char *uc_dest = static_cast<unsigned char *>(dest);
diff --git a/libc/src/string/memchr.cpp b/libc/src/string/memchr.cpp
index ba52f14afa9d..ccdc262837cd 100644
--- a/libc/src/string/memchr.cpp
+++ b/libc/src/string/memchr.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/memchr.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/string_utils.h"
 
 #include "src/__support/common.h"
@@ -17,6 +18,8 @@ namespace LIBC_NAMESPACE_DECL {
 
 // TODO: Look at performance benefits of comparing words.
 LLVM_LIBC_FUNCTION(void *, memchr, (const void *src, int c, size_t n)) {
+  if (n)
+    LIBC_CRASH_ON_NULLPTR(src);
   return internal::find_first_character(
       reinterpret_cast<const unsigned char *>(src),
       static_cast<unsigned char>(c), n);
diff --git a/libc/src/string/memcmp.cpp b/libc/src/string/memcmp.cpp
index 68996fb78723..d2f67f0478ef 100644
--- a/libc/src/string/memcmp.cpp
+++ b/libc/src/string/memcmp.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/memcmp.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_memcmp.h"
 
 #include <stddef.h> // size_t
@@ -16,6 +17,10 @@ namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(int, memcmp,
                    (const void *lhs, const void *rhs, size_t count)) {
+  if (count) {
+    LIBC_CRASH_ON_NULLPTR(lhs);
+    LIBC_CRASH_ON_NULLPTR(rhs);
+  }
   return inline_memcmp(lhs, rhs, count);
 }
 
diff --git a/libc/src/string/memcpy.cpp b/libc/src/string/memcpy.cpp
index 0eb7f2c170e0..4d4ff4dd3872 100644
--- a/libc/src/string/memcpy.cpp
+++ b/libc/src/string/memcpy.cpp
@@ -9,6 +9,7 @@
 #include "src/string/memcpy.h"
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_memcpy.h"
 
 namespace LIBC_NAMESPACE_DECL {
@@ -16,6 +17,10 @@ namespace LIBC_NAMESPACE_DECL {
 LLVM_LIBC_FUNCTION(void *, memcpy,
                    (void *__restrict dst, const void *__restrict src,
                     size_t size)) {
+  if (size) {
+    LIBC_CRASH_ON_NULLPTR(dst);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   inline_memcpy(dst, src, size);
   return dst;
 }
diff --git a/libc/src/string/memmove.cpp b/libc/src/string/memmove.cpp
index 26a8c4187f3d..04ed51b84f8f 100644
--- a/libc/src/string/memmove.cpp
+++ b/libc/src/string/memmove.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/memmove.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_memcpy.h"
 #include "src/string/memory_utils/inline_memmove.h"
 #include <stddef.h> // size_t
@@ -16,6 +17,10 @@ namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(void *, memmove,
                    (void *dst, const void *src, size_t count)) {
+  if (count) {
+    LIBC_CRASH_ON_NULLPTR(dst);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   // Memmove may handle some small sizes as efficiently as inline_memcpy.
   // For these sizes we may not do is_disjoint check.
   // This both avoids additional code for the most frequent smaller sizes
diff --git a/libc/src/string/mempcpy.cpp b/libc/src/string/mempcpy.cpp
index 09392ceb966d..b6a9721960ce 100644
--- a/libc/src/string/mempcpy.cpp
+++ b/libc/src/string/mempcpy.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/mempcpy.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_memcpy.h"
 
 #include "src/__support/common.h"
@@ -18,6 +19,10 @@ namespace LIBC_NAMESPACE_DECL {
 LLVM_LIBC_FUNCTION(void *, mempcpy,
                    (void *__restrict dst, const void *__restrict src,
                     size_t count)) {
+  if (count) {
+    LIBC_CRASH_ON_NULLPTR(dst);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   inline_memcpy(dst, src, count);
   return reinterpret_cast<char *>(dst) + count;
 }
diff --git a/libc/src/string/memrchr.cpp b/libc/src/string/memrchr.cpp
index d665e225bbb7..d5c843c733b3 100644
--- a/libc/src/string/memrchr.cpp
+++ b/libc/src/string/memrchr.cpp
@@ -9,11 +9,16 @@
 #include "src/string/memrchr.h"
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include <stddef.h>
 
 namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(void *, memrchr, (const void *src, int c, size_t n)) {
+
+  if (n)
+    LIBC_CRASH_ON_NULLPTR(src);
+
   const unsigned char *str = reinterpret_cast<const unsigned char *>(src);
   const unsigned char ch = static_cast<unsigned char>(c);
   for (; n != 0; --n) {
diff --git a/libc/src/string/memset.cpp b/libc/src/string/memset.cpp
index c2868afa9103..a0b96b3cf88b 100644
--- a/libc/src/string/memset.cpp
+++ b/libc/src/string/memset.cpp
@@ -9,11 +9,15 @@
 #include "src/string/memset.h"
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_memset.h"
 
 namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(void *, memset, (void *dst, int value, size_t count)) {
+  if (count)
+    LIBC_CRASH_ON_NULLPTR(dst);
+
   inline_memset(dst, static_cast<uint8_t>(value), count);
   return dst;
 }
diff --git a/libc/src/string/stpncpy.cpp b/libc/src/string/stpncpy.cpp
index d2a6e0474982..47bf4c6e86fb 100644
--- a/libc/src/string/stpncpy.cpp
+++ b/libc/src/string/stpncpy.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/stpncpy.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_bzero.h"
 
 #include "src/__support/common.h"
@@ -17,6 +18,10 @@ namespace LIBC_NAMESPACE_DECL {
 LLVM_LIBC_FUNCTION(char *, stpncpy,
                    (char *__restrict dest, const char *__restrict src,
                     size_t n)) {
+  if (n) {
+    LIBC_CRASH_ON_NULLPTR(dest);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   size_t i;
   // Copy up until \0 is found.
   for (i = 0; i < n && src[i] != '\0'; ++i)
diff --git a/libc/src/string/strcasestr.cpp b/libc/src/string/strcasestr.cpp
index 1da1e3f02507..de8e4bec7fe0 100644
--- a/libc/src/string/strcasestr.cpp
+++ b/libc/src/string/strcasestr.cpp
@@ -11,6 +11,7 @@
 #include "src/__support/common.h"
 #include "src/__support/ctype_utils.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_strstr.h"
 
 namespace LIBC_NAMESPACE_DECL {
@@ -23,6 +24,9 @@ LLVM_LIBC_FUNCTION(char *, strcasestr,
     return LIBC_NAMESPACE::internal::tolower(a) -
            LIBC_NAMESPACE::internal::tolower(b);
   };
+
+  LIBC_CRASH_ON_NULLPTR(haystack);
+  LIBC_CRASH_ON_NULLPTR(needle);
   return inline_strstr(haystack, needle, case_cmp);
 }
 
diff --git a/libc/src/string/strcat.cpp b/libc/src/string/strcat.cpp
index 0eb189ce204f..6a6f068bd475 100644
--- a/libc/src/string/strcat.cpp
+++ b/libc/src/string/strcat.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/strcat.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/strcpy.h"
 #include "src/string/string_utils.h"
 
@@ -17,6 +18,8 @@ namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(char *, strcat,
                    (char *__restrict dest, const char *__restrict src)) {
+  LIBC_CRASH_ON_NULLPTR(dest);
+  LIBC_CRASH_ON_NULLPTR(src);
   size_t dest_length = internal::string_length(dest);
   size_t src_length = internal::string_length(src);
   LIBC_NAMESPACE::strcpy(dest + dest_length, src);
diff --git a/libc/src/string/strcoll.cpp b/libc/src/string/strcoll.cpp
index eeb2c79e3807..aa08f7194c9e 100644
--- a/libc/src/string/strcoll.cpp
+++ b/libc/src/string/strcoll.cpp
@@ -10,11 +10,14 @@
 
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 
 namespace LIBC_NAMESPACE_DECL {
 
 // TODO: Add support for locales.
 LLVM_LIBC_FUNCTION(int, strcoll, (const char *left, const char *right)) {
+  LIBC_CRASH_ON_NULLPTR(left);
+  LIBC_CRASH_ON_NULLPTR(right);
   for (; *left && *left == *right; ++left, ++right)
     ;
   return static_cast<int>(*left) - static_cast<int>(*right);
diff --git a/libc/src/string/strcoll_l.cpp b/libc/src/string/strcoll_l.cpp
index f664a3c7c03f..e820efa564a3 100644
--- a/libc/src/string/strcoll_l.cpp
+++ b/libc/src/string/strcoll_l.cpp
@@ -10,12 +10,15 @@
 
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 
 namespace LIBC_NAMESPACE_DECL {
 
 // TODO: Add support for locales.
 LLVM_LIBC_FUNCTION(int, strcoll_l,
                    (const char *left, const char *right, locale_t)) {
+  LIBC_CRASH_ON_NULLPTR(left);
+  LIBC_CRASH_ON_NULLPTR(right);
   for (; *left && *left == *right; ++left, ++right)
     ;
   return static_cast<int>(*left) - static_cast<int>(*right);
diff --git a/libc/src/string/strcpy.cpp b/libc/src/string/strcpy.cpp
index 60b73ab3aa82..2013593db24a 100644
--- a/libc/src/string/strcpy.cpp
+++ b/libc/src/string/strcpy.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/strcpy.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_memcpy.h"
 #include "src/string/string_utils.h"
 
@@ -17,6 +18,7 @@ namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(char *, strcpy,
                    (char *__restrict dest, const char *__restrict src)) {
+  LIBC_CRASH_ON_NULLPTR(dest);
   size_t size = internal::string_length(src) + 1;
   inline_memcpy(dest, src, size);
   return dest;
diff --git a/libc/src/string/strlen.cpp b/libc/src/string/strlen.cpp
index ff7ab14dd313..234edb81d4c8 100644
--- a/libc/src/string/strlen.cpp
+++ b/libc/src/string/strlen.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/strlen.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/string_utils.h"
 
 #include "src/__support/common.h"
@@ -17,6 +18,7 @@ namespace LIBC_NAMESPACE_DECL {
 // TODO: investigate the performance of this function.
 // There might be potential for compiler optimization.
 LLVM_LIBC_FUNCTION(size_t, strlen, (const char *src)) {
+  LIBC_CRASH_ON_NULLPTR(src);
   return internal::string_length(src);
 }
 
diff --git a/libc/src/string/strncat.cpp b/libc/src/string/strncat.cpp
index 221881f93c47..4926b7d244d1 100644
--- a/libc/src/string/strncat.cpp
+++ b/libc/src/string/strncat.cpp
@@ -8,6 +8,7 @@
 
 #include "src/string/strncat.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/string_utils.h"
 #include "src/string/strncpy.h"
 
@@ -18,6 +19,10 @@ namespace LIBC_NAMESPACE_DECL {
 LLVM_LIBC_FUNCTION(char *, strncat,
                    (char *__restrict dest, const char *__restrict src,
                     size_t count)) {
+  if (count) {
+    LIBC_CRASH_ON_NULLPTR(dest);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   size_t src_length = internal::string_length(src);
   size_t copy_amount = src_length > count ? count : src_length;
   size_t dest_length = internal::string_length(dest);
diff --git a/libc/src/string/strncmp.cpp b/libc/src/string/strncmp.cpp
index 16d4601fe845..f21fd769f394 100644
--- a/libc/src/string/strncmp.cpp
+++ b/libc/src/string/strncmp.cpp
@@ -10,6 +10,7 @@
 
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_strcmp.h"
 
 #include <stddef.h>
@@ -18,6 +19,10 @@ namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(int, strncmp,
                    (const char *left, const char *right, size_t n)) {
+  if (n) {
+    LIBC_CRASH_ON_NULLPTR(left);
+    LIBC_CRASH_ON_NULLPTR(right);
+  }
   auto comp = [](char l, char r) -> int { return l - r; };
   return inline_strncmp(left, right, n, comp);
 }
diff --git a/libc/src/string/strncpy.cpp b/libc/src/string/strncpy.cpp
index 4976ad94708c..e271009502f2 100644
--- a/libc/src/string/strncpy.cpp
+++ b/libc/src/string/strncpy.cpp
@@ -10,6 +10,7 @@
 
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include <stddef.h> // For size_t.
 
 namespace LIBC_NAMESPACE_DECL {
@@ -17,6 +18,10 @@ namespace LIBC_NAMESPACE_DECL {
 LLVM_LIBC_FUNCTION(char *, strncpy,
                    (char *__restrict dest, const char *__restrict src,
                     size_t n)) {
+  if (n) {
+    LIBC_CRASH_ON_NULLPTR(dest);
+    LIBC_CRASH_ON_NULLPTR(src);
+  }
   size_t i = 0;
   // Copy up until \0 is found.
   for (; i < n && src[i] != '\0'; ++i)
diff --git a/libc/src/string/strsep.cpp b/libc/src/string/strsep.cpp
index 4c275122de52..555c2f3c9791 100644
--- a/libc/src/string/strsep.cpp
+++ b/libc/src/string/strsep.cpp
@@ -9,14 +9,17 @@
 #include "src/string/strsep.h"
 
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/string_utils.h"
 
 namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(char *, strsep,
                    (char **__restrict stringp, const char *__restrict delim)) {
+  LIBC_CRASH_ON_NULLPTR(stringp);
   if (!*stringp)
     return nullptr;
+  LIBC_CRASH_ON_NULLPTR(delim);
   return internal::string_token<false>(*stringp, delim, stringp);
 }
 
diff --git a/libc/src/string/strspn.cpp b/libc/src/string/strspn.cpp
index 66bb39903ab3..b205bedf80ca 100644
--- a/libc/src/string/strspn.cpp
+++ b/libc/src/string/strspn.cpp
@@ -11,11 +11,14 @@
 #include "src/__support/CPP/bitset.h"
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include <stddef.h>
 
 namespace LIBC_NAMESPACE_DECL {
 
 LLVM_LIBC_FUNCTION(size_t, strspn, (const char *src, const char *segment)) {
+  LIBC_CRASH_ON_NULLPTR(src);
+  LIBC_CRASH_ON_NULLPTR(segment);
   const char *initial = src;
   cpp::bitset<256> bitset;
 
diff --git a/libc/src/string/strstr.cpp b/libc/src/string/strstr.cpp
index 5132f06ef53f..44797ef670b9 100644
--- a/libc/src/string/strstr.cpp
+++ b/libc/src/string/strstr.cpp
@@ -10,6 +10,7 @@
 
 #include "src/__support/common.h"
 #include "src/__support/macros/config.h"
+#include "src/__support/macros/null_check.h"
 #include "src/string/memory_utils/inline_strstr.h"
 
 namespace LIBC_NAMESPACE_DECL {
@@ -18,6 +19,8 @@ namespace LIBC_NAMESPACE_DECL {
 // improved upon using well known string matching algorithms.
 LLVM_LIBC_FUNCTION(char *, strstr, (const char *haystack, const char *needle)) {
   auto comp = [](char l, char r) -> int { return l - r; };
+  LIBC_CRASH_ON_NULLPTR(haystack);
+  LIBC_CRASH_ON_NULLPTR(needle);
   return inline_strstr(haystack, needle, comp);
 }
author	Aly ElAshram <71949028+AlyElashram@users.noreply.github.com>	2025-06-04 20:08:27 +0300
committer	GitHub <noreply@github.com>	2025-06-04 13:08:27 -0400
commit	ff844df719d7226a46b8cb0d99aef9480cced247 (patch)
tree	ec4fdf604da96f6b652f4d44769383caa06ad884 /libc/src/string
parent	ec5610c4a2ef15551fdfbe9c990851376f58efb6 (diff)