NetBSD Problem Report #21172

Received: (qmail 8148 invoked by uid 605); 14 Apr 2003 11:23:47 -0000
Message-Id: <20030414132343.078b66a9.christianbiere@gmx.de>
Date: Mon, 14 Apr 2003 13:23:43 +0200
From: Christian Biere <christianbiere@gmx.de>
Sender: gnats-bugs-owner@netbsd.org
To: gnats-bugs@gnats.netbsd.org
Subject: Potential misuse of ctype functions [devopen.c]

>Number:         21172
>Category:       port-next68k
>Synopsis:       Potential misuse of ctype functions [devopen.c]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-next68k-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 14 11:24:00 +0000 2003
>Closed-Date:    Sun Apr 17 17:18:27 +0000 2005
>Last-Modified:  Sun Apr 17 17:19:00 +0000 2005
>Originator:     Christian Biere
>Release:        NetBSD 1.6Q
>Organization:
>Environment:
>Description:

At least the following file(s) seem(s) to be affected:

sys/arch/next68k/stand/boot/devopen.c

*** This general description which might only partially apply to this PR ***

The is* (e.g., isdigit() but not isascii()) functions from <ctype.h> as well
as tolower() and toupper() expect an parameter of type int. However, the
behaviour is only defined for values which are EOF or representable as
an unsigned char. Several architectures have char as signed char by default.
This means if you pass a parameter of type char it will be automatically
casted to (signed) int and therefore the value isn't representable as
an unsigned char or EOF for negative values (except -1 which is normally EOF).
The result might be a crash or simply *anything* as the behaviour isn't
defined for these cases.

I have not verified whether there are any preconditions which prevent
an actual problem. The code might work for the suggested platform, it
might not be used, the characters might be prefiltered etc. However,
it's so simple toofix but so often done wrong, that I don't think anyone
should waste his with going into deep here.

KISS: If you work with strings use unsigned char or cast to it. If you use
int make sure that it's from fgetc(), getc() etc. or better check for EOF
and cast it to unsigned char after that.

Furthermore, it's often not considered that these functions respect the
current locale settings.

>How-To-Repeat:

>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: christos@netbsd.org
State-Changed-When: Sun, 17 Apr 2005 13:18:27 -0400
State-Changed-Why:
fixed


From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/21172 CVS commit: src/sys/arch/next68k/stand/boot
Date: Sun, 17 Apr 2005 17:18:16 +0000 (UTC)

 Module Name:	src
 Committed By:	christos
 Date:		Sun Apr 17 17:18:16 UTC 2005

 Modified Files:
 	src/sys/arch/next68k/stand/boot: devopen.c

 Log Message:
 PR/21172: Christian Biere: ctype function misuse.


 To generate a diff of this commit:
 cvs rdiff -r1.3 -r1.4 src/sys/arch/next68k/stand/boot/devopen.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

Home	PR Database Search