From 9a210ca2d50e02bf045866bbb2f44a33a3c48cd9 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Tue, 1 Jul 2014 23:10:38 +0200
Subject: Audit and replace all ctype.h uses

Something like "char *s = ...; isdigit(s[0]);" triggers undefined
behavior, because char can be signed, and thus s[0] can be a negative
value. The is*() functions require unsigned char _or_ EOF. EOF is a
special value outside of unsigned char range, thus the argument to the
is*() functions can't be a char.

This undefined behavior can actually trigger crashes if the
implementation of these functions e.g. uses lookup tables, which are
then indexed with out-of-range values.

Replace all <ctype.h> uses with our own custom mp_is*() functions added
with misc/ctype.h. As a bonus, these functions are locale-independent.
(Although currently, we _require_ C locale for other reasons.)
---
 demux/demux_mkv.c       | 1 -
 demux/demux_subreader.c | 1 -
 demux/mf.c              | 4 ++--
 3 files changed, 2 insertions(+), 4 deletions(-)

(limited to 'demux')

diff --git a/demux/demux_mkv.c b/demux/demux_mkv.c
index e3991372f9..25591cd60a 100644
--- a/demux/demux_mkv.c
+++ b/demux/demux_mkv.c
@@ -23,7 +23,6 @@
 
 #include <stdlib.h>
 #include <stdio.h>
-#include <ctype.h>
 #include <inttypes.h>
 #include <stdbool.h>
 #include <assert.h>
diff --git a/demux/demux_subreader.c b/demux/demux_subreader.c
index d3a792c9d2..6eb58f0033 100644
--- a/demux/demux_subreader.c
+++ b/demux/demux_subreader.c
@@ -26,7 +26,6 @@
 #include <string.h>
 #include <sys/types.h>
 #include <dirent.h>
-#include <ctype.h>
 
 #include <libavutil/common.h>
 #include <libavutil/avstring.h>
diff --git a/demux/mf.c b/demux/mf.c
index 5edc98043a..d687c3cb19 100644
--- a/demux/mf.c
+++ b/demux/mf.c
@@ -16,7 +16,6 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -30,6 +29,7 @@
 #include "talloc.h"
 #include "common/msg.h"
 #include "stream/stream.h"
+#include "misc/ctype.h"
 #include "options/path.h"
 
 #include "mf.h"
@@ -55,7 +55,7 @@ mf_t *open_mf_pattern(void *talloc_ctx, struct mp_log *log, char *filename)
             while (fgets(fname, 512, lst_f)) {
                 /* remove spaces from end of fname */
                 char *t = fname + strlen(fname) - 1;
-                while (t > fname && isspace((unsigned char)*t))
+                while (t > fname && mp_isspace(*t))
                     *(t--) = 0;
                 if (!mp_path_exists(fname)) {
                     mp_verbose(log, "file not found: '%s'\n", fname);
-- 
cgit v1.2.3