From 9a210ca2d50e02bf045866bbb2f44a33a3c48cd9 Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 1 Jul 2014 23:10:38 +0200 Subject: Audit and replace all ctype.h uses Something like "char *s = ...; isdigit(s[0]);" triggers undefined behavior, because char can be signed, and thus s[0] can be a negative value. The is*() functions require unsigned char _or_ EOF. EOF is a special value outside of unsigned char range, thus the argument to the is*() functions can't be a char. This undefined behavior can actually trigger crashes if the implementation of these functions e.g. uses lookup tables, which are then indexed with out-of-range values. Replace all uses with our own custom mp_is*() functions added with misc/ctype.h. As a bonus, these functions are locale-independent. (Although currently, we _require_ C locale for other reasons.) --- audio/out/ao_alsa.c | 1 - audio/out/ao_coreaudio_utils.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'audio') diff --git a/audio/out/ao_alsa.c b/audio/out/ao_alsa.c index 25a051fee8..cd46e52806 100644 --- a/audio/out/ao_alsa.c +++ b/audio/out/ao_alsa.c @@ -31,7 +31,6 @@ #include #include #include -#include #include #include diff --git a/audio/out/ao_coreaudio_utils.c b/audio/out/ao_coreaudio_utils.c index 11f89422ff..052f63d608 100644 --- a/audio/out/ao_coreaudio_utils.c +++ b/audio/out/ao_coreaudio_utils.c @@ -30,7 +30,7 @@ char *fourcc_repr(void *talloc_ctx, uint32_t code) { // Extract FourCC letters from the uint32_t and finde out if it's a valid // code that is made of letters. - char fcc[4] = { + unsigned char fcc[4] = { (code >> 24) & 0xFF, (code >> 16) & 0xFF, (code >> 8) & 0xFF, @@ -39,7 +39,7 @@ char *fourcc_repr(void *talloc_ctx, uint32_t code) bool valid_fourcc = true; for (int i = 0; i < 4; i++) - if (!isprint(fcc[i])) + if (fcc[i] >= 32 && fcc[i] < 128) valid_fourcc = false; char *repr; -- cgit v1.2.3