NetBSD Problem Report #21171

Received: (qmail 6692 invoked by uid 605); 14 Apr 2003 11:22:26 -0000
Message-Id: <20030414132223.18e9eb44.christianbiere@gmx.de>
Date: Mon, 14 Apr 2003 13:22:23 +0200
From: Christian Biere <christianbiere@gmx.de>
Sender: gnats-bugs-owner@netbsd.org
To: gnats-bugs@gnats.netbsd.org
Subject: Potential misuse of ctype functions [rawrite]

>Number:         21171
>Category:       port-i386
>Synopsis:       Potential misuse of ctype functions [rawrite]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 14 11:23:00 +0000 2003
>Closed-Date:    Mon Apr 14 11:34:40 +0000 2003
>Last-Modified:  Sun Apr 30 09:14:58 +0000 2006
>Originator:     Christian Biere
>Release:        NetBSD 1.6Q
>Organization:
>Environment:
>Description:

At least the following file(s) seem(s) to be affected:

sys/arch/i386/stand/misc/rawrite.c

*** This general description which might only partially apply to this PR ***

The is* (e.g., isdigit() but not isascii()) functions from <ctype.h> as well
as tolower() and toupper() expect a parameter of type int. However, the
behaviour is only defined for values which are EOF or representable as
an unsigned char. Several architectures have char as signed char by default.
This means if you pass a parameter of type char it will be automatically
cast to (signed) int and therefore the value isn't representable as
an unsigned char or EOF for negative values (except -1 which is normally EOF).
The result might be a crash or simply *anything* as the behaviour isn't
defined for these cases.

I have not verified whether there are any preconditions which prevent
an actual problem. The code might work for the suggested platform, it
might not be used, the characters might be prefiltered etc. However,
it's so simple to fix but so often done wrong, that I don't think anyone
should waste his time with going into depth here.

KISS: If you work with strings use unsigned char or cast to it. If you use
int make sure that it's from fgetc(), getc() etc. or better check for EOF
and cast it to unsigned char after that.

Furthermore, it's often not considered that these functions respect the
current locale settings.

>How-To-Repeat:

>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dsl 
State-Changed-When: Mon Apr 14 04:34:05 PDT 2003 
State-Changed-Why:  
Fixed rawrite.c (for what it matters...) 

From: David Laight <dsl@netbsd.org>
To: gnats-bugs@gnats.netbsd.org
Cc:  
Subject: pr/21171 CVS commit: src/sys/arch/i386/stand/misc
Date: Mon, 14 Apr 2003 14:33:41 +0300 (EEST)

 Module Name:	src
 Committed By:	dsl
 Date:		Mon Apr 14 11:33:40 UTC 2003

 Modified Files:
 	src/sys/arch/i386/stand/misc: rawrite.c

 Log Message:
 fix PR 21171


 To generate a diff of this commit:
 cvs rdiff -r1.1 -r1.2 src/sys/arch/i386/stand/misc/rawrite.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
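
Added example, not part of the PR and not taken from rawrite.c: a small C program showing the argument the ctype functions receive for a high-bit byte with and without the unsigned char cast described in the report, including the 0xFF/EOF collision. All function names and the sample string are constructed for illustration; it assumes the default "C" locale and the usual EOF value of -1.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Argument is*()/toupper() receive for a raw char where plain char is
 * signed; signed char is used so the result is the same on every port. */
int promoted_signed(unsigned char byte)
{
    return (int)(signed char)byte;      /* 0xE9 becomes -23 */
}

/* The cast the report recommends: always lands in 0..UCHAR_MAX. */
int promoted_safe(char c)
{
    return (unsigned char)c;
}

/* The only arguments for which the ctype functions are defined. */
int ctype_defined_for(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Upper-case a string in place with the cast applied at each call. */
char *upcase(char *s)
{
    for (char *p = s; *p != '\0'; p++)
        *p = (char)toupper((unsigned char)*p);
    return s;
}

/* For an int from getc()/fgetc(): test for EOF first, then narrow. */
int is_digit_from_getc(int c)
{
    return c != EOF && isdigit((unsigned char)c) != 0;
}

int main(void)
{
    char name[] = "a:\xe9.img";         /* constructed high-bit input */
    int bad = promoted_signed(0xE9), ok = promoted_safe(name[2]);

    printf("raw char:  %4d defined=%d\n", bad, ctype_defined_for(bad));
    printf("with cast: %4d defined=%d\n", ok, ctype_defined_for(ok));
    printf("0xFF as signed char: %d, EOF: %d\n", promoted_signed(0xFF), EOF);
    printf("%s\n", upcase(name));
    return 0;
}
```

Byte 0xFF passes the domain check only because it promotes to the same value as EOF, so an uncast char can be silently treated as end-of-file rather than as a character.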

Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.