Avoid calling OString ctor with null pointer

...in preparation of potential future changes from using OString to using
std::string_view, where OString has an undocumented feature of allowing
construction from a null pointer.

This is mostly the result of a manual audit of potentially problematic getenv
calls across the code base.  But there can be other problematic places too, like
the xmlGetProp call in tools/source/xml/XmlWalker.cxx.  To identify those,
rtl_{string,uString}_newFromStr aborts now in non-production debug builds when a
null pointer is passed(and all places that hit with a full `make check
screenshot` have been addressed here).  Once we are confident that all
problematic places have been identified, we should drop support for the
undocumented feature (see the TODO in sal/rtl/strtmpl.cxx).

Change-Id: I595cc6d4f1cda74add2a3db171323f817d362b08
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107430
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>

3 files changed, 17 insertions, 3 deletions

diff --git a/sal/osl/w32/socket.cxx b/sal/osl/w32/socket.cxx
index ba96cc5ed838..9e819beaa61f 100644
--- a/sal/osl/w32/socket.cxx
+++ b/sal/osl/w32/socket.cxx
@@ -512,7 +512,11 @@ oslHostAddr SAL_CALL osl_createHostAddrByName(rtl_uString *strHostname)
             {
                 pRet = static_cast<oslHostAddr>(
                     rtl_allocateZeroMemory(sizeof(struct oslHostAddrImpl)));
-                rtl_uString_newFromStr(&pRet->pHostName, o3tl::toU(pIter->ai_canonname));
+                if (pIter->ai_canonname == nullptr) {
+                    rtl_uString_new(&pRet->pHostName);
+                } else {
+                    rtl_uString_newFromStr(&pRet->pHostName, o3tl::toU(pIter->ai_canonname));
+                }
                 pRet->pSockAddr = createSocketAddr();
                 memcpy(& pRet->pSockAddr->m_sockaddr,
                        pIter->ai_addr, pIter->ai_addrlen);
diff --git a/sal/qa/osl/file/osl_File.cxx b/sal/qa/osl/file/osl_File.cxx
index 42c7a18a4f11..23b5398ac65a 100644
--- a/sal/qa/osl/file/osl_File.cxx
+++ b/sal/qa/osl/file/osl_File.cxx
@@ -931,7 +931,7 @@ namespace osl_FileBase
         OString sURL("file://~/tmp");
         char* home_path;
         home_path = getenv("HOME");
-        OString expResult(home_path);
+        OString expResult(home_path ? home_path : "");
         expResult += "/tmp";
         checkUNXBehaviour_getSystemPathFromFileURL(sURL, osl::FileBase::E_None, expResult);
 #endif
@@ -1009,7 +1009,7 @@ namespace osl_FileBase
         OString sSysPath("~/tmp");
         char* home_path;
         home_path = getenv("HOME");
-        OString expResult(home_path);
+        OString expResult(home_path ? home_path : "");
         expResult = "file://"+ expResult + "/tmp";
         checkUNXBehaviour_getFileURLFromSystemPath(sSysPath, osl::FileBase::E_None, expResult);
         checkWNTBehaviour_getFileURLFromSystemPath(sSysPath, osl::FileBase::E_None, "~/tmp");
diff --git a/sal/rtl/strtmpl.cxx b/sal/rtl/strtmpl.cxx
index bf58db0ba037..2292321f747b 100644
--- a/sal/rtl/strtmpl.cxx
+++ b/sal/rtl/strtmpl.cxx
@@ -24,6 +24,7 @@
 
 #include <algorithm>
 #include <cassert>
+#include <cstdlib>
 #include <limits>
 
 #include <cstring>
@@ -1324,6 +1325,15 @@ void SAL_CALL IMPL_RTL_STRINGNAME( newFromStr )( IMPL_RTL_STRINGDATA** ppThis,
     IMPL_RTL_STRINGDATA*    pOrg;
     sal_Int32               nLen;
 
+#if OSL_DEBUG_LEVEL > 0
+    //TODO: For now, only abort in non-production debug builds; once all places that rely on the
+    // undocumented newFromStr behavior of treating a null pCharStr like an empty string have been
+    // found and fixed, drop support for that behavior and turn this into a general assert:
+    if (pCharStr == nullptr) {
+        std::abort();
+    }
+#endif
+
     if ( pCharStr )
     {
         nLen = IMPL_RTL_STRNAME( getLength )( pCharStr );