Re: undefined behavior in builtin/am.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Roland

On 01/07/2022 18:03, Roland Illig wrote:
Hi,

builtin/am.c says:
 > static int str_isspace(const char *str)
 > {
 >     for (; *str; str++)
 >         if (!isspace(*str))
 >             return 0;
 >
 >     return 1;
 > }

The macro 'isspace' must only be called with an integer representable as
an 'unsigned char', or with the value of the macro EOF.

Thanks for reporting this. Git uses its own version of isspace() (see git-compat-util.h & ctype.c) which does not suffer from this limitation as it casts its argument to an unsigned char.

Best Wishes

Phillip

On platforms where plain 'char' is a signed integer type, any character
whose value is negative invokes undefined behavior (except for the one
character that by coincidence has the same value as the macro EOF).

To fix this, write '!isspace((unsigned char)*str)' instead.

I have no idea how to trigger this part of the code but for someone who
knows this part of Git, it should be easy. Depending on the platform,
this kind of error may be silently ignored or crash the program, as
always with undefined behavior.

Roland




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux