author | Stephan Bergmann <sbergman@redhat.com> | 2020-12-08 16:38:44 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2020-12-10 16:27:35 +0100 |
commit | 4f0c70fb5554325e0cc2129741175bf07de22029 (patch) | |
tree | f6fc98fa67183594f1173c089979cc5f2ac8ff4a /sal/rtl | |
parent | 65b1152f5cc67067b66945d8bb2db009a3cb554e (diff) |
Avoid calling OString ctor with null pointer
...in preparation of potential future changes from using OString to using
std::string_view, where OString has an undocumented feature of allowing
construction from a null pointer.
This is mostly the result of a manual audit of potentially problematic getenv
calls across the code base. But there can be other problematic places too, like
the xmlGetProp call in tools/source/xml/XmlWalker.cxx. To identify those,
rtl_{string,uString}_newFromStr aborts now in non-production debug builds when a
null pointer is passed (and all places that hit with a full `make check
screenshot` have been addressed here). Once we are confident that all
problematic places have been identified, we should drop support for the
undocumented feature (see the TODO in sal/rtl/strtmpl.cxx).
Change-Id: I595cc6d4f1cda74add2a3db171323f817d362b08
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107430
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'sal/rtl')
-rw-r--r-- | sal/rtl/strtmpl.cxx | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sal/rtl/strtmpl.cxx b/sal/rtl/strtmpl.cxx index bf58db0ba037..2292321f747b 100644 --- a/sal/rtl/strtmpl.cxx +++ b/sal/rtl/strtmpl.cxx @@ -24,6 +24,7 @@ #include <algorithm> #include <cassert> +#include <cstdlib> #include <limits> #include <cstring> @@ -1324,6 +1325,15 @@ void SAL_CALL IMPL_RTL_STRINGNAME( newFromStr )( IMPL_RTL_STRINGDATA** ppThis, IMPL_RTL_STRINGDATA* pOrg; sal_Int32 nLen; +#if OSL_DEBUG_LEVEL > 0 + //TODO: For now, only abort in non-production debug builds; once all places that rely on the + // undocumented newFromStr behavior of treating a null pCharStr like an empty string have been + // found and fixed, drop support for that behavior and turn this into a general assert: + if (pCharStr == nullptr) { + std::abort(); + } +#endif + if ( pCharStr ) { nLen = IMPL_RTL_STRNAME( getLength )( pCharStr ); |
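Review bot: The new null check in newFromStr ends in a bare `std::abort();` with no diagnostic, so a debug build that trips it gives no hint that the cause is a null pCharStr unless someone pulls a backtrace. Since `<cassert>` is already included in this file, consider `assert(pCharStr != nullptr);` inside the `#if OSL_DEBUG_LEVEL > 0` block, or print a short message before aborting, so the failure names the condition. Note also that the existing `if ( pCharStr )` branch directly below is unchanged, so builds where the `#if` is false still accept a null pointer silently; callers not exercised by `make check screenshot` will only surface in debug builds, which is worth stating in the TODO so the eventual removal is not assumed to be safe on test coverage alone.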