The ISO C standard says that the behavior is undefined.
Quoting N1570, which is a draft of the 2011 ISO C standard, section 7.1.4:
Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow: If an argument to
a function has an invalid value (such as [...],
or a null pointer, [...], the behavior is undefined.
The description of strstr
in 7.24.5.7 says:
The strstr function locates the first occurrence in the string
pointed to by s1 of the sequence of characters (excluding the
terminating null character) in the string pointed to by s2.
which, in addition to the statement in 7.1.4, says that the arguments have to point to some string (which a null pointer does not).
These statements are similar, if not identical, in the C90 and C99 standards.
Note that "undefined behavior" does not imply that the program will necessarily crash. For example, this program:
#include <stdio.h>
#include <string.h>
int main(void) {
char *p = strstr(NULL, "");
if (p == NULL) {
printf("p == NULL\n");
}
else {
printf("p = %p\n", p);
}
}
when compiled and run on my system (Linux, gcc 4.7.2, glibc 2.15) prints:
p == NULL
probably because strstr
optimizes the case of an empty string for the second argument. Undefined behavior is an error that need not be detected or diagnosed; it's entirely your responsibility as a programmer to avoid undefined behavior in the first place.