patch 9.1.0006: is*() and to*() function may be unsafe

Problem:  is*() and to*() function may be unsafe
Solution: Add SAFE_* macros and start using those instead
          (Keith Thompson)

Use SAFE_() macros for is*() and to*() functions

The standard is*() and to*() functions declared in <ctype.h> have
undefined behavior for negative arguments other than EOF.  If plain char
is signed, passing an unchecked value from argv for from user input
to one of these functions has undefined behavior.

Solution: Add SAFE_*() macros that cast the argument to unsigned char.

Most implementations behave sanely for negative arguments, and most
character values in practice are non-negative, but it's still best
to avoid undefined behavior.

The change from #13347 has been omitted, as this has already been
separately fixed in commit ac709e2fc0
(v9.0.2054)

fixes: #13332
closes: #13347

Signed-off-by: Keith Thompson <Keith.S.Thompson@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Keith Thompson
2024-01-04 21:19:04 +01:00
committed by Christian Brabandt
parent 4d8cb683b1
commit 184f71cc68
44 changed files with 122 additions and 109 deletions

View File

@ -870,7 +870,7 @@ start_redo(long count, int old_redo)
{
c = read_redo(FALSE, old_redo);
add_char_buff(&readbuf2, c);
if (!isdigit(c))
if (!SAFE_isdigit(c))
break;
}
c = read_redo(FALSE, old_redo);
@ -1873,7 +1873,7 @@ vgetc(void)
// Handle <SID>{sid}; Do up to 20 digits for safety.
last_used_sid = 0;
for (j = 0; j < 20 && isdigit(c = vgetorpeek(TRUE)); ++j)
for (j = 0; j < 20 && SAFE_isdigit(c = vgetorpeek(TRUE)); ++j)
last_used_sid = last_used_sid * 10 + (c - '0');
last_used_map = NULL;
continue;