-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Bruno Haible on 3/24/2007 5:22 AM:
>
> When you look at the code, you see that the user only has to set the variable
> ARGP_HELP_FMT to a value containing non-ASCII characters, to make the program
> crash. Note that the code in glibc does not have this problem, since in glibc
> (and only in glibc!) the <ctype.h> functions may also be called with values
> in the range -128..-1.
Actually, cygwin gets away with that, too, even though it does not use
glibc. And platforms where char is unsigned have no problem. But in
general, you are correct that passing plain char to ctype functions is
dangerous.
>
> I'm applying this. Sergey, I guess you don't have a better fix for it?
Rather than use lots of casts, coreutils does this in a common header:
/* Convert a possibly-signed character to an unsigned character. This is
a bit safer than casting to unsigned char, since it catches some type
errors that the cast doesn't. */
static inline unsigned char to_uchar (char ch) { return ch; }
then uses the equivalent:
> -#define SKIPWS(p) do { while (isspace (*p)) p++; } while (0);
> +#define SKIPWS(p) do { while (isspace ((unsigned char) *p)) p++; } while (0);
#define SKIPWS(p) do { while (isspace (to_uchar (*p))) p++; } while (0);
Speaking of which, why is SKIPWS defined with a trailing ;?
- --
Don't work too hard, make some time for fun as well!
Eric Blake [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGBRWn84KuGfSFAYARAidHAKDM+5T5ICevmyvAKtXx0eypZSnxHQCffhxU
XuY+iZTwOiBnf14kHZIl/Kc=
=QinU
-----END PGP SIGNATURE-----
