NetBSD Problem Report #21156

Received: (qmail 18766 invoked by uid 605); 14 Apr 2003 11:04:39 -0000
Message-Id: <20030414130433.2b35978a.christianbiere@gmx.de>
Date: Mon, 14 Apr 2003 13:04:33 +0200
From: Christian Biere <christianbiere@gmx.de>
Sender: gnats-bugs-owner@netbsd.org
To: gnats-bugs@gnats.netbsd.org
Subject: Potential misuse of ctype functions [bc]

>Number:         21156
>Category:       bin
>Synopsis:       Potential misuse of ctype functions [bc]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 14 11:05:00 +0000 2003
>Closed-Date:    Fri Feb 11 22:07:55 +0000 2022
>Last-Modified:  Fri Feb 11 22:07:55 +0000 2022
>Originator:     Christian Biere
>Release:        NetBSD 1.6Q
>Organization:
>Environment:
>Description:

At least the following file(s) seem(s) to be affected:

gnu/dist/bc/bc/execute.c
gnu/dist/bc/bc/load.c
gnu/dist/bc/lib/number.c

*** This general description which might only partially apply to this PR ***

The is* (e.g., isdigit() but not isascii()) functions from <ctype.h> as well
as tolower() and toupper() expect an parameter of type int. However, the
behaviour is only defined for values which are EOF or representable as
an unsigned char. Several architectures have char as signed char by default.
This means if you pass a parameter of type char it will be automatically
casted to (signed) int and therefore the value isn't representable as
an unsigned char or EOF for negative values (except -1 which is normally EOF).
The result might be a crash or simply *anything* as the behaviour isn't
defined for these cases.

I have not verified whether there are any preconditions which prevent
an actual problem. The code might work for the suggested platform, it
might not be used, the characters might be prefiltered etc. However,
it's so simple toofix but so often done wrong, that I don't think anyone
should waste his with going into deep here.

KISS: If you work with strings use unsigned char or cast to it. If you use
int make sure that it's from fgetc(), getc() etc. or better check for EOF
and cast it to unsigned char after that.

Furthermore, it's often not considered that these functions respect the
current locale settings.

>How-To-Repeat:

>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: christos@netbsd.org
State-Changed-When: Sun, 17 Apr 2005 13:08:30 -0400
State-Changed-Why:
fixed


State-Changed-From-To: closed->open
State-Changed-By: christos@netbsd.org
State-Changed-When: Sun, 17 Apr 2005 13:32:34 -0400
State-Changed-Why:
not fixed


From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/21156
Date: Sun, 08 Oct 2006 22:41:36 +0200

 This PR also applies to at least the following files:

 (from PR/21157)
 gnu/dist/cvs/diff/ifdef.c
 gnu/dist/cvs/src/filesubr.c

 (from PR/21159)
 gnu/dist/texinfo/info/infodoc.c
 gnu/dist/texinfo/info/display.c
 gnu/dist/texinfo/info/footnotes.c
 gnu/dist/texinfo/info/indices.c
 gnu/dist/texinfo/info/nodes.c
 [...]

 (from PR/21163)
 gnu/usr.bin/gas/read.c

 (from PR/21164)
 gnu/usr.bin/ld/ld/cplus-dem.c

 -e.

 -- 
 Elad Efrat

From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/21156
Date: Mon, 09 Oct 2006 00:54:52 +0200

 (from PR/21161)
 gnu/dist/toolchain/gdb/arm-tdep.c
 gnu/dist/toolchain/gdb/breakpoint.c
 [...]

 -e.

 -- 
 Elad Efrat

State-Changed-From-To: open->closed
State-Changed-By: rillig@NetBSD.org
State-Changed-When: Fri, 11 Feb 2022 22:07:55 +0000
State-Changed-Why:
Since 2021-04-05, lint warns for calls to the functions or macros from
<ctype.h> that pass a wrong type.  See usr.bin/xlint/lint1/ckctype.c
for the implementation.

See also https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99950.

This doesn't fix the issue completely but at least makes the locations
visible that may lead to undefined behavior.


>Unformatted:

Home	PR Database Search