ctype bug

Joerg Sonnenberger joerg at britannica.bec.de
Wed Jul 6 16:34:08 PDT 2005


On Wed, Jul 06, 2005 at 04:15:21PM -0700, Matthew Dillon wrote:
> :>     The is*() functions MUST properly fold signed chars to return the correct
> :>     result.  There is no two ways about it.  It MUST work, period.
> :
> :It can't.
> :
> :Joerg
> 
>     It's broken.  First, there is no way we are going to have ctype functions
>     which can access random memory if passed an out of bounds integer value. 
>     We are NOT writing API functions that do that, period.  Just because
>     the standard says the behavior is undefined doesn't mean we go and
>     let the program crash or do weird, ridiculous, stupid things.

*sigh* Which behaviour should be used instead? It can't return an error,
because these functions are not supposed to return errors. Second, it can't
return an arbitrary value, because that can be considered wrong too.
Third, it can't magically cast them to unsigned, because 255 is a valid letter
in UTF8, but also (signed)255 == EOF.

FreeBSD ignored this and returned arbitrary values, but that is not correct.
Yes, coredumping is BETTER behaviour because it can at least somewhat detect
that there is a problem.

I've written about this before and the only sensible solution would be to
switch to unsigned as default char. Anything else is WRONG.

This problem didn't start today. Actually, it was always said that you
have to cast the argument in portable code. It's as simple as that, nothing else.

Since when do UNIX functions check for arbitrary violations of the interface?
Does strcmp check for NULL pointers being passed in? No, because it should not.
It just costs time for those who use it correctly. The same applies here.

Joerg
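As an added illustration of the cast argument above (example code, not from this thread or from any BSD libc), the following shows why a signed char holding byte 0xFF collides with EOF, which argument values the is*() functions are actually specified to accept, and the portable `(unsigned char)` idiom that keeps every byte in range; the sample buffer is constructed for the demonstration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* The values the is*() functions are defined for: EOF or 0..UCHAR_MAX.
 * A signed char with the high bit set promotes to a negative int and,
 * unless it happens to equal EOF, is out of range (undefined behaviour). */
int ctype_arg_in_range(int c)
{
    return c == EOF || (c >= 0 && c <= UCHAR_MAX);
}

/* The collision from the mail: byte 0xFF stored in a signed char is -1 on
 * two's-complement targets (implementation-defined conversion), i.e. EOF. */
int byte_ff_as_signed_equals_eof(void)
{
    signed char c = (signed char)0xFF;
    return (int)c == EOF;
}

/* Same byte after the portable cast: 255, distinct from EOF. */
int byte_ff_after_cast(void)
{
    char c = (char)0xFF;
    return (unsigned char)c;
}

/* Portable idiom: promote through unsigned char before the table lookup,
 * so every byte maps to 0..255 regardless of whether char is signed. */
int safe_isalpha(char c)
{
    return isalpha((unsigned char)c) != 0;
}

/* Count alphabetic bytes in a buffer that may contain high-bit bytes. */
size_t count_alpha(const char *s, size_t n)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (safe_isalpha(s[i]))
            k++;
    return k;
}

int main(void)
{
    /* Constructed sample: six ASCII letters plus bytes 0xFF and 0x80. */
    const char buf[] = "abc\xFF\x80xyz";
    printf("0xFF as signed char == EOF: %d\n", byte_ff_as_signed_equals_eof());
    printf("alphabetic bytes: %zu\n", count_alpha(buf, sizeof buf - 1));
    return 0;
}
```

In the "C" locale, `isalpha` rejects both 0xFF and 0x80, so the count comes to 6; without the cast, 0x80 would reach the function as -128, which is the out-of-range access the thread argues about.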
