From 9a210ca2d50e02bf045866bbb2f44a33a3c48cd9 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Tue, 1 Jul 2014 23:10:38 +0200
Subject: Audit and replace all ctype.h uses

Something like "char *s = ...; isdigit(s[0]);" triggers undefined
behavior, because char can be signed, and thus s[0] can be a negative
value. The is*() functions require unsigned char _or_ EOF. EOF is a
special value outside of unsigned char range, thus the argument to the
is*() functions can't be a char.

This undefined behavior can actually trigger crashes if the
implementation of these functions e.g. uses lookup tables, which are
then indexed with out-of-range values.

Replace all <ctype.h> uses with our own custom mp_is*() functions added
with misc/ctype.h. As a bonus, these functions are locale-independent.
(Although currently, we _require_ C locale for other reasons.)
---
 bstr/bstr.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'bstr/bstr.c')

diff --git a/bstr/bstr.c b/bstr/bstr.c
index 964934a100..de8f285161 100644
--- a/bstr/bstr.c
+++ b/bstr/bstr.c
@@ -18,7 +18,6 @@
 
 #include <string.h>
 #include <assert.h>
-#include <ctype.h>
 #include <stdarg.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -28,6 +27,7 @@
 #include "talloc.h"
 
 #include "common/common.h"
+#include "misc/ctype.h"
 #include "bstr/bstr.h"
 
 int bstrcmp(struct bstr str1, struct bstr str2)
@@ -104,7 +104,7 @@ int bstr_find(struct bstr haystack, struct bstr needle)
 
 struct bstr bstr_lstrip(struct bstr str)
 {
-    while (str.len && isspace(*str.start)) {
+    while (str.len && mp_isspace(*str.start)) {
         str.start++;
         str.len--;
     }
@@ -114,7 +114,7 @@ struct bstr bstr_lstrip(struct bstr str)
 struct bstr bstr_strip(struct bstr str)
 {
     str = bstr_lstrip(str);
-    while (str.len && isspace(str.start[str.len - 1]))
+    while (str.len && mp_isspace(str.start[str.len - 1]))
         str.len--;
     return str;
 }
@@ -242,7 +242,7 @@ bool bstr_eatstart(struct bstr *s, struct bstr prefix)
 void bstr_lower(struct bstr str)
 {
     for (int i = 0; i < str.len; i++)
-        str.start[i] = tolower(str.start[i]);
+        str.start[i] = mp_tolower(str.start[i]);
 }
 
 int bstr_sscanf(struct bstr str, const char *format, ...)
-- 
cgit v1.2.3