NetBSD Problem Report #21173
Received: (qmail 9147 invoked by uid 605); 14 Apr 2003 11:24:47 -0000
Message-Id: <20030414132439.4de0a91f.christianbiere@gmx.de>
Date: Mon, 14 Apr 2003 13:24:39 +0200
From: Christian Biere <christianbiere@gmx.de>
Sender: gnats-bugs-owner@netbsd.org
To: gnats-bugs@gnats.netbsd.org
Subject: Potential misuse of ctype functions [bellctrl]
>Number: 21173
>Category: port-x68k
>Synopsis: Potential misuse of ctype functions [bellctrl]
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-x68k-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Apr 14 11:25:00 +0000 2003
>Closed-Date: Wed Jun 02 01:40:45 +0000 2004
>Last-Modified: Sun Apr 30 09:15:12 +0000 2006
>Originator: Christian Biere
>Release: NetBSD 1.6Q
>Organization:
>Environment:
>Description:
At least the following file(s) seem(s) to be affected:
sys/arch/x68k/usr.bin/bellctrl/bellctrl.c
*** This general description which might only partially apply to this PR ***
The is* (e.g., isdigit() but not isascii()) functions from <ctype.h> as well
as tolower() and toupper() expect an parameter of type int. However, the
behaviour is only defined for values which are EOF or representable as
an unsigned char. Several architectures have char as signed char by default.
This means if you pass a parameter of type char it will be automatically
casted to (signed) int and therefore the value isn't representable as
an unsigned char or EOF for negative values (except -1 which is normally EOF).
The result might be a crash or simply *anything* as the behaviour isn't
defined for these cases.
I have not verified whether there are any preconditions which prevent
an actual problem. The code might work for the suggested platform, it
might not be used, the characters might be prefiltered etc. However,
it's so simple toofix but so often done wrong, that I don't think anyone
should waste his with going into deep here.
KISS: If you work with strings use unsigned char or cast to it. If you use
int make sure that it's from fgetc(), getc() etc. or better check for EOF
and cast it to unsigned char after that.
Furthermore, it's often not considered that these functions respect the
current locale settings.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: Christian Biere <christianbiere@gmx.de>
To: gnats-bugs@gnats.netbsd.org
Cc:
Subject: Re: port-x68k/21173: Potential misuse of ctype functions [bellctrl]
Date: Sat, 15 Nov 2003 23:41:53 +0100
This has already been fixed in CVS:
revision 1.4
date: 2003/05/17 09:24:15; author: isaki; state: Exp; lines: +2 -2
Correct argument type of isdigit().
State-Changed-From-To: open->closed
State-Changed-By: minoura
State-Changed-When: Wed Jun 2 01:38:04 UTC 2004
State-Changed-Why:
Fixed in bellctl.c rev1.4 by isaki@.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.