------- Comment #5 from pgut001 at cs dot auckland dot ac dot nz 2008-06-10 09:15 ------- >Think printf with %s where it is supplied with a NULL argument or puts >with a NULL argument.
Sure, I understand how that part of it works, but gcc doesn't just use it for that, it applies two often mutually exclusive interpretations to the same attribute. Warning about inadvertent use of NULL is useful for developers, so there's a temptation to annotate code with it to warn at compile time of errors (and that seems to be the intended use of stdc_nonnull). However the opposite interpretation of the attribute is that if you do inadvertently pass a NULL pointer to annotated code, gcc may not warn about it but will cause your code to crash. The single attribute shouldn't be used to perform two mutually exclusive (and in one case, dangerous) actions, it's like storing rat poison in a fruit juice bottle... -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36166
