From 9a210ca2d50e02bf045866bbb2f44a33a3c48cd9 Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Tue, 1 Jul 2014 23:10:38 +0200
Subject: Audit and replace all ctype.h uses

Something like "char *s = ...; isdigit(s[0]);" triggers undefined
behavior, because char can be signed, and thus s[0] can be a negative
value. The is*() functions require unsigned char _or_ EOF. EOF is a
special value outside of unsigned char range, thus the argument to the
is*() functions can't be a char.

This undefined behavior can actually trigger crashes if the
implementation of these functions e.g. uses lookup tables, which are
then indexed with out-of-range values.

Replace all <ctype.h> uses with our own custom mp_is*() functions added
with misc/ctype.h. As a bonus, these functions are locale-independent.
(Although currently, we _require_ C locale for other reasons.)
---
 video/out/gl_common.c     | 1 -
 video/out/pnm_loader.c    | 6 +++---
 video/out/vo_opengl_old.c | 4 ++--
 3 files changed, 5 insertions(+), 6 deletions(-)

(limited to 'video')

diff --git a/video/out/gl_common.c b/video/out/gl_common.c
index 131a35daaf..f9af3f32af 100644
--- a/video/out/gl_common.c
+++ b/video/out/gl_common.c
@@ -36,7 +36,6 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
-#include <ctype.h>
 #include <stdbool.h>
 #include <math.h>
 #include <assert.h>
diff --git a/video/out/pnm_loader.c b/video/out/pnm_loader.c
index 048461e51f..70afe0fa23 100644
--- a/video/out/pnm_loader.c
+++ b/video/out/pnm_loader.c
@@ -33,7 +33,7 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <stdio.h>
-#include <ctype.h>
+#include "misc/ctype.h"
 #include "pnm_loader.h"
 
 /**
@@ -48,7 +48,7 @@ static void ppm_skip(FILE *f) {
       comment = 1;
     if (c == '\n')
       comment = 0;
-  } while (c != EOF && (isspace(c) || comment));
+  } while (c != EOF && (mp_isspace(c) || comment));
   if (c != EOF)
     ungetc(c, f);
 }
@@ -77,7 +77,7 @@ uint8_t *read_pnm(FILE *f, int *width, int *height,
   if (fscanf(f, "%u", &m) != 1)
     return NULL;
   val = fgetc(f);
-  if (!isspace(val))
+  if (!mp_isspace(val))
     return NULL;
   if (w > MAXDIM || h > MAXDIM)
     return NULL;
diff --git a/video/out/vo_opengl_old.c b/video/out/vo_opengl_old.c
index d9c7e8baed..87ba48068a 100644
--- a/video/out/vo_opengl_old.c
+++ b/video/out/vo_opengl_old.c
@@ -28,12 +28,12 @@
 #include <string.h>
 #include <math.h>
 #include <stdbool.h>
-#include <ctype.h>
 #include <assert.h>
 
 #include "config.h"
 #include "talloc.h"
 #include "common/msg.h"
+#include "misc/ctype.h"
 #include "options/m_option.h"
 #include "vo.h"
 #include "video/vfcap.h"
@@ -538,7 +538,7 @@ static void replace_var_str(char **text, const char *name, const char *replace)
         nextvar += namelen;
         // try not to replace prefixes of other vars (e.g. $foo vs. $foo_bar)
         char term = nextvar[0];
-        if (isalnum(term) || term == '_')
+        if (mp_isalnum(term) || term == '_')
             continue;
         int prelength = until - *text;
         int postlength = nextvar - *text;
-- 
cgit v1.2.3