From 9a210ca2d50e02bf045866bbb2f44a33a3c48cd9 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Tue, 1 Jul 2014 23:10:38 +0200
Subject: Audit and replace all ctype.h uses

Something like "char *s = ...; isdigit(s[0]);" triggers undefined
behavior, because char can be signed, and thus s[0] can be a negative
value. The is*() functions require unsigned char _or_ EOF. EOF is a
special value outside of unsigned char range, thus the argument to the
is*() functions can't be a char.

This undefined behavior can actually trigger crashes if the
implementation of these functions e.g. uses lookup tables, which are
then indexed with out-of-range values.

Replace all <ctype.h> uses with our own custom mp_is*() functions added
with misc/ctype.h. As a bonus, these functions are locale-independent.
(Although currently, we _require_ C locale for other reasons.)
---
 options/m_option.c         |  1 -
 options/parse_configfile.c | 16 ++++++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

(limited to 'options')

diff --git a/options/m_option.c b/options/m_option.c
index 3baaaa6762..52dd18b9d2 100644
--- a/options/m_option.c
+++ b/options/m_option.c
@@ -29,7 +29,6 @@
 #include <limits.h>
 #include <inttypes.h>
 #include <unistd.h>
-#include <ctype.h>
 #include <assert.h>
 
 #include <libavutil/common.h>
diff --git a/options/parse_configfile.c b/options/parse_configfile.c
index 1e12a5c47f..112a26b115 100644
--- a/options/parse_configfile.c
+++ b/options/parse_configfile.c
@@ -22,13 +22,13 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <ctype.h>
 #include <assert.h>
 
 #include "osdep/io.h"
 
 #include "parse_configfile.h"
 #include "common/msg.h"
+#include "misc/ctype.h"
 #include "m_option.h"
 #include "m_config.h"
 
@@ -95,7 +95,7 @@ int m_config_parse_config_file(m_config_t *config, const char *conffile,
         line_pos = 0;
 
         /* skip whitespaces */
-        while (isspace(line[line_pos]))
+        while (mp_isspace(line[line_pos]))
             ++line_pos;
 
         /* EOL / comment */
@@ -103,7 +103,7 @@ int m_config_parse_config_file(m_config_t *config, const char *conffile,
             continue;
 
         /* read option. */
-        for (opt_pos = 0; isprint(line[line_pos]) &&
+        for (opt_pos = 0; mp_isprint(line[line_pos]) &&
              line[line_pos] != ' ' &&
              line[line_pos] != '#' &&
              line[line_pos] != '='; /* NOTHING */) {
@@ -133,7 +133,7 @@ int m_config_parse_config_file(m_config_t *config, const char *conffile,
         }
 
         /* skip whitespaces */
-        while (isspace(line[line_pos]))
+        while (mp_isspace(line[line_pos]))
             ++line_pos;
 
         param_pos = 0;
@@ -145,7 +145,7 @@ int m_config_parse_config_file(m_config_t *config, const char *conffile,
             param_set = true;
 
             /* whitespaces... */
-            while (isspace(line[line_pos]))
+            while (mp_isspace(line[line_pos]))
                 ++line_pos;
 
             /* read the parameter */
@@ -187,8 +187,8 @@ int m_config_parse_config_file(m_config_t *config, const char *conffile,
                 }
             }
 
-            for (param_pos = 0; isprint(line[line_pos])
-                    && !isspace(line[line_pos])
+            for (param_pos = 0; mp_isprint(line[line_pos])
+                    && !mp_isspace(line[line_pos])
                     && line[line_pos] != '#'; /* NOTHING */) {
                 param[param_pos++] = line[line_pos++];
                 if (param_pos >= MAX_PARAM_LEN) {
@@ -202,7 +202,7 @@ int m_config_parse_config_file(m_config_t *config, const char *conffile,
 
         param_done:
 
-            while (isspace(line[line_pos]))
+            while (mp_isspace(line[line_pos]))
                 ++line_pos;
         }
         param[param_pos] = '\0';
-- 
cgit v1.2.3