From 9a210ca2d50e02bf045866bbb2f44a33a3c48cd9 Mon Sep 17 00:00:00 2001 From: wm4 Date: Tue, 1 Jul 2014 23:10:38 +0200 Subject: Audit and replace all ctype.h uses Something like "char *s = ...; isdigit(s[0]);" triggers undefined behavior, because char can be signed, and thus s[0] can be a negative value. The is*() functions require unsigned char _or_ EOF. EOF is a special value outside of unsigned char range, thus the argument to the is*() functions can't be a char. This undefined behavior can actually trigger crashes if the implementation of these functions e.g. uses lookup tables, which are then indexed with out-of-range values. Replace all uses with our own custom mp_is*() functions added with misc/ctype.h. As a bonus, these functions are locale-independent. (Although currently, we _require_ C locale for other reasons.) --- sub/find_subfiles.c | 6 +++--- sub/sd_microdvd.c | 1 - sub/sd_srt.c | 12 ++++++------ 3 files changed, 9 insertions(+), 10 deletions(-) (limited to 'sub') diff --git a/sub/find_subfiles.c b/sub/find_subfiles.c index 9313bf379d..ade267cfa6 100644 --- a/sub/find_subfiles.c +++ b/sub/find_subfiles.c @@ -1,16 +1,16 @@ #include #include #include -#include #include #include "osdep/io.h" +#include "common/common.h" #include "common/global.h" #include "common/msg.h" +#include "misc/ctype.h" #include "options/options.h" #include "options/path.h" -#include "common/common.h" #include "sub/find_subfiles.h" static const char *const sub_exts[] = {"utf", "utf8", "utf-8", "idx", "sub", "srt", @@ -75,7 +75,7 @@ static struct bstr guess_lang_from_filename(struct bstr name) if (name.start[i] == ')' || name.start[i] == ']') i--; - while (i >= 0 && isalpha(name.start[i])) { + while (i >= 0 && mp_isalpha(name.start[i])) { n++; if (n > 3) return (struct bstr){NULL, 0}; diff --git a/sub/sd_microdvd.c b/sub/sd_microdvd.c index 6e6a9c31a8..5de9a1814b 100644 --- a/sub/sd_microdvd.c +++ b/sub/sd_microdvd.c @@ -24,7 +24,6 @@ #include #include #include -#include #include #include "common/msg.h" diff --git a/sub/sd_srt.c b/sub/sd_srt.c index 733a27d0f4..0ca807f312 100644 --- a/sub/sd_srt.c +++ b/sub/sd_srt.c @@ -24,11 +24,11 @@ #include #include #include -#include -#include +#include "common/common.h" #include "common/msg.h" #include "bstr/bstr.h" +#include "misc/ctype.h" #include "sd.h" struct line { @@ -259,7 +259,7 @@ static int read_attr(char **s, struct bstr *attr, struct bstr *val) attr->start = *s; attr->len = eq - *s; for (int i = 0; i < attr->len; i++) - if (!isalnum(attr->start[i])) + if (!mp_isalnum(attr->start[i])) return -1; val->start = eq + 1; bool quoted = val->start[0] == '"'; @@ -290,7 +290,7 @@ static void convert_subrip(struct sd *sd, const char *orig, while (*line && new_line.len < new_line.bufsize - 1) { char *orig_line = line; - for (int i = 0; i < FF_ARRAY_ELEMS(subrip_basic_tags); i++) { + for (int i = 0; i < MP_ARRAY_SIZE(subrip_basic_tags); i++) { const struct tag_conv *tag = &subrip_basic_tags[i]; int from_len = strlen(tag->from); if (strncmp(line, tag->from, from_len) == 0) { @@ -331,7 +331,7 @@ static void convert_subrip(struct sd *sd, const char *orig, } } } else if (strncmp(line, "